Abstract. One-counter processes (OCPs) are pushdown processes which operate only on a unary stack
alphabet. We study the computational complexity of model checking computation tree logic (CTL)
over OCPs. A PSPACE upper bound is inherited from the modal $\mu$-calculus for this problem [20].
First, we analyze the periodic behaviour of CTL over OCPs and derive a model checking algorithm
whose running time is exponential only in the number of control locations and a syntactic notion of
the formula that we call leftward until depth. In particular, model checking fixed OCPs against CTL
formulas with a fixed leftward until depth is in P. This generalizes a corresponding result from [12]
for the expression complexity of CTL's fragment EF. Second, we prove that already over some fixed
OCP, CTL model checking is PSPACE-hard, i.e., expression complexity is PSPACE-hard. Third, we
show that there already exists a fixed CTL formula for which model checking of OCPs is PSPACE-hard,
i.e., data complexity is PSPACE-hard as well. To obtain the latter result, we employ two results
from complexity theory: (i) Converting a natural number in Chinese remainder presentation into binary
presentation is in logspace-uniform $\mathrm{NC}^1$ [8] and (ii) PSPACE is $\mathrm{AC}^0$-serializable [14]. We demonstrate
that our approach can be used to obtain further results. We show that model-checking CTL's fragment
EF over OCPs is hard for $\mathrm{P}^{\mathrm{NP}}$, thus establishing a matching lower bound and answering an open
question from [12]. We moreover show that the following problem is hard for PSPACE: Given a
one-counter Markov decision process, a set of target states with counter value zero each, and an initial state,
to decide whether the probability that the initial state will eventually reach one of the target states is
arbitrarily close to 1. This improves a previously known lower bound for every level of the Boolean
hierarchy shown in [5].



1 Introduction 

Pushdown automata (PDAs) (or recursive state machines; RSMs) are a natural model for sequential
programs with recursive procedure calls, and their verification problems have been studied extensively. The
complexity of model checking problems for PDAs is quite well understood: The reachability problem for
PDAs can be solved in polynomial time [4, 9]. Model checking modal $\mu$-calculus over PDAs was shown to
be EXPTIME-complete in [27], and the global version of the model checking problem has been considered
in [6, 19]. The EXPTIME lower bound for model checking PDAs also holds for the simpler logic CTL
and its fragment EG [26], even for a fixed formula (data complexity) or a fixed PDA (expression
complexity). On the other hand, model checking PDAs against the logic EF (another natural fragment of CTL) is
PSPACE-complete [26], and again the lower bound still holds if either the formula or the PDA is fixed [4].
Model checking problems for various fragments and extensions of PDL (propositional dynamic logic) over
PDAs were studied in [11].

One-counter processes (OCPs) are Minsky counter machines with just one counter and action labels on
the transitions. They can also be seen as a special case of PDAs with just one stack symbol, plus a
non-removable bottom symbol which indicates an empty stack (and thus allows to test the counter for zero) and
hence constitute a natural and fundamental computational model. In recent years, model checking problems
for OCPs received increasing attention [12, 13, 22, 20]. Clearly, all upper complexity bounds carry over
from PDAs. The question, whether these upper bounds can be matched by lower bounds was just recently
solved for several important logics: Model checking $\mu$-calculus over OCPs is PSPACE-complete. The
PSPACE upper bound was shown in [20], and a matching lower bound can easily be shown by a reduction
from emptiness of alternating unary finite automata, which was shown to be PSPACE-complete in [16, 17].
This lower bound even holds if either the OCP or the formula is fixed. The situation becomes different
for the fragment EF. In [12], it was shown that model checking EF over OCPs is in the complexity class
$\mathrm{P}^{\mathrm{NP}}$ (the class of all problems that can be solved on a deterministic polynomial time machine with access
to an oracle from NP). Moreover, if the input formula is represented succinctly as a dag (directed acyclic
graph), then model checking EF over OCPs is also hard for $\mathrm{P}^{\mathrm{NP}}$. For the standard (and less succinct) tree
representation for formulas, only hardness for the class $\mathrm{P}^{\mathrm{NP}[\log]}$ (the class of all problems that can be solved
on a deterministic polynomial time machine which is allowed to make $O(\log(n))$ many queries to an oracle
from NP) was shown in [12]. In fact, there already exists a fixed EF formula such that model checking this
formula over a given OCP is hard for $\mathrm{P}^{\mathrm{NP}[\log]}$, i.e., the data complexity is $\mathrm{P}^{\mathrm{NP}[\log]}$-hard.

In this paper we consider the model checking problem for CTL over OCPs. By the known upper bound
for the modal $\mu$-calculus [20] this problem belongs to PSPACE. First, we analyze the combinatorics of
CTL model checking over OCPs. More precisely, we analyze the periodic behaviour of the set of natural
numbers that satisfy a given CTL formula in a given control location of the OCP (Theorem 1). By making
use of Theorem 1, we can derive a model checking algorithm whose running time is exponential only in
the number of control locations and a syntactic measure on CTL formulas that we call leftward until depth
(Theorem 2). As a corollary, we obtain that model checking a fixed OCP against CTL formulas of fixed
leftward until depth lies in P (Corollary 3). This generalizes a recent result from [12], where it was shown
that the expression complexity of EF over OCPs lies in P. Next, we focus on lower bounds. We show that
model checking CTL over OCPs is PSPACE-complete, even if we fix either the OCP (Theorem 11) or the
CTL formula (Theorem 14). The proof of Theorem 11 uses an intriguing reduction from QBF. We have
to construct a fixed OCP for which we can construct for a given unary encoded number $i$ CTL formulas
that express, when interpreted over our fixed OCP, whether the current counter value is divisible by $2^i$ and
whether the $i$-th bit in the binary representation of the current counter value is 1, respectively. For the proof
of Theorem 14 (PSPACE-hardness of data complexity for CTL) we use two techniques from complexity
theory, which to our knowledge have not been applied in the context of verification so far:

- the existence of small depth circuits for converting a number from Chinese remainder representation 
to binary representation (see Section 6.1 for details) and 

- the fact that PSPACE-computations are serializable in a certain sense (see Section 6.2 for details).

One of the main obstructions in getting lower bounds for OCPs is the fact that OCPs are well suited for 
testing divisibility properties of the counter value and hence can deal with numbers in Chinese remainder 
representation, but it is not clear how to deal with numbers in binary representation. Small depth circuits for 
converting a number from Chinese remainder representation to binary representation are the key in order 
to overcome this obstruction. 

We are confident that our new lower bound techniques described above can be used for proving further 
lower bounds for OCPs. We present two other applications of our techniques: 

- We show that model checking EF over OCPs is complete for $\mathrm{P}^{\mathrm{NP}}$ even if the input formula is
represented by a tree (Theorem 17) and thereby solve an open problem from [12]. Figure 1 summarizes the
picture on the complexity of model checking for PDAs and OCPs.

- We improve a lower bound on a decision problem for one-counter Markov decision processes from [5] 
(Theorem 21). More details on this problem are provided below. 

Markov decision processes (MDPs) extend classical Markov chains by allowing so called nondeterministic
vertices. In these vertices, no probability distribution on the outgoing transitions is specified. The other
vertices are called probabilistic vertices; in these vertices a probability distribution on the outgoing transitions
is given. The idea is that in an MDP a player Eve plays against nature (represented by the probabilistic
vertices). In each nondeterministic vertex $v$, Eve chooses a probability distribution on the outgoing transitions
of $v$; this choice may depend on the past of the play (which is a path in the underlying graph ending in
$v$) and is formally represented by a strategy for Eve. An MDP together with a strategy for Eve defines an
ordinary Markov chain, whose state space is the unfolding of the graph underlying the MDP. In Section 9,
we consider infinite MDPs, which are finitely represented by one-counter processes; this formalism was
introduced in [5] under the name one-counter Markov decision process (OC-MDP). For a given OC-MDP $\mathcal{A}$
and a set $R$ of control locations of the OCP underlying $\mathcal{A}$ (a so called reachability constraint) the following
two sets ValOne($R$) and OptValOne($R$) were considered in [5]: ValOne($R$) is the set of all states $s$ of the
MDP defined by $\mathcal{A}$ such that for every $\varepsilon > 0$ there exists a strategy $\sigma$ for Eve under which the probability
of finally reaching from $s$ a control location in $R$ and at the same time having counter value 0 is at least
$1 - \varepsilon$. OptValOne($R$) is the set of all states $s$ of the MDP defined by $\mathcal{A}$ for which there exists a specific
strategy for Eve under which this probability becomes 1. It was shown in [5] that for a given OC-MDP $\mathcal{A}$,
a set of control locations $R$, and a state $s$ of the MDP defined by $\mathcal{A}$,

- the question whether $s \in$ OptValOne($R$) is PSPACE-hard and in EXPTIME, and

- the question whether $s \in$ ValOne($R$) is hard for every level of the Boolean hierarchy BH.

The Boolean hierarchy is a hierarchy of complexity classes between NP and $\mathrm{P}^{\mathrm{NP}[\log]}$, see Section 6 for
a definition. We use our lower bound techniques in order to improve the second hardness result for the
levels of BH to PSPACE-hardness. As a byproduct, we also reprove PSPACE-hardness for OptValOne($R$).
Currently, it is open, whether ValOne($R$) is decidable; the corresponding problem for MDPs defined by
pushdown processes is undecidable [10].

The paper is organized as follows. In Section 2 we introduce general notation. In Section 3 we define
one-counter processes and the branching-time logic CTL. Periodicity of CTL on OCPs and a derived model
checking algorithm is the content of Section 4. In Section 5 we give a fixed one-counter net (which is basically
a one-counter process that cannot test if the counter is zero) for which CTL model checking is PSPACE-hard.
Section 6 recalls tools from complexity theory that we need in subsequent sections. We show that
there already exists a fixed CTL formula for which model checking over one-counter nets is PSPACE-hard
in Section 7. Finally, we apply our lower bound technique and provide two applications. We prove
in Section 8 that model checking EF over one-counter nets is $\mathrm{P}^{\mathrm{NP}}$-hard, thus matching the $\mathrm{P}^{\mathrm{NP}}$ upper
bound from [12]. In Section 9 we show that membership in ValOne($R$) over one-counter Markov decision
processes is PSPACE-hard.

2 Preliminaries 

We denote the naturals by $\mathbb{N} = \{0, 1, 2, \ldots\}$ and the rational numbers by $\mathbb{Q}$. For each $i, j \in \mathbb{N}$ we define
$[i,j] = \{k \in \mathbb{N} \mid i \le k \le j\}$ and $[j] = [1,j]$. In particular $[0] = \emptyset$. For each $n \in \mathbb{N}$ and each position $i \ge 1$,
let $\mathrm{bit}_i(n)$ denote the $i$-th least significant bit of the binary representation of $n$, i.e., $n = \sum_{i \ge 1} 2^{i-1} \cdot \mathrm{bit}_i(n)$.
For every finite and non-empty subset $M \subseteq \mathbb{N} \setminus \{0\}$, define $\mathrm{LCM}(M)$ to be the least common multiple of
all numbers in $M$. Due to a result of Nair [18] it is known that $2^k \le \mathrm{LCM}([k]) \le 4^k$ for all $k \ge 9$. As usual,
for (a possibly infinite) alphabet $A$, $A^*$ denotes the set of all finite words over $A$, $A^+$ denotes the set of all
finite non-empty words over $A$, and $A^\omega$ denotes the set of all infinite words over $A$. Let $A^\infty = A^* \cup A^\omega$. The
length of a finite word $w$ is denoted by $|w|$. For a word $w = a_1 a_2 \cdots a_n \in A^*$ (resp. $w = a_1 a_2 \cdots \in A^\omega$)
with $a_i \in A$ and $i \in [n]$ (resp. $i \ge 1$), we denote by $w_i$ the letter $a_i$. A (possibly infinite) directed graph
$G = (V, E)$ (with $E \subseteq V \times V$) is called deadlock-free if for all $v \in V$ there exists $v' \in V$ with $(v, v') \in E$.
If for all $v \in V$ there are only finitely many $v' \in V$ with $(v, v') \in E$, then $G$ is called image-finite. The set
of all finite paths in $G$ is the set $\mathrm{path}_+(G) = \{\pi \in V^+ \mid \forall i \in [|\pi| - 1] : (\pi_i, \pi_{i+1}) \in E\}$. The set of all
infinite paths in $G$ is the set $\mathrm{path}_\omega(G) = \{\pi \in V^\omega \mid \forall i \ge 1 : (\pi_i, \pi_{i+1}) \in E\}$. A nondeterministic finite
automaton (NFA) is a tuple $A = (S, \Sigma, \delta, s_0, S_f)$, where $S$ is a finite set of states, $\Sigma$ is a finite alphabet,
$\delta \subseteq S \times \Sigma \times S$ is the transition relation, $s_0 \in S$ is the initial state, and $S_f \subseteq S$ is a set of final states. We
assume that the reader has some basic knowledge in complexity theory, see e.g. [1] for more details.



3 One-counter processes and computation tree logic 

Fix some countable set $\mathcal{P}$ of atomic propositions. A transition system is a triple $T = (S, \{S_p \mid p \in \mathcal{P}\}, \to)$,
where $(S, \to)$ is a directed graph and $S_p \subseteq S$ for all $p \in \mathcal{P}$ with $S_p = \emptyset$ for all but finitely many $p \in \mathcal{P}$.
Elements of $S$ (resp. $\to$) are also called states (resp. transitions). We prefer to use the infix notation $s_1 \to s_2$
instead of $(s_1, s_2) \in {\to}$. For $x \in \{+, \omega\}$ let $\mathrm{path}_x(T) = \mathrm{path}_x(S, \to)$. For a subset $U \subseteq S$ of states, a
(finite or infinite) path $\pi$ is called a $U$-path if $\pi \in U^\infty$.

A one-counter process (OCP) is a tuple $\mathcal{O} = (Q, \{Q_p \mid p \in \mathcal{P}\}, \delta_0, \delta_{>0})$, where $Q$ is a finite set of
control locations, $Q_p \subseteq Q$ for each $p \in \mathcal{P}$ but $Q_p = \emptyset$ for all but finitely many $p \in \mathcal{P}$, $\delta_0 \subseteq Q \times \{0, 1\} \times Q$
is a finite set of zero transitions, and $\delta_{>0} \subseteq Q \times \{-1, 0, 1\} \times Q$ is a finite set of positive transitions. The
size of an OCP is defined as $|\mathcal{O}| = |Q| + \sum_{p \in \mathcal{P}} |Q_p| + |\delta_0| + |\delta_{>0}|$. A one-counter net (OCN) is an OCP,
where $\delta_0 \subseteq \delta_{>0}$. A one-counter process $\mathcal{O} = (Q, \{Q_p \mid p \in \mathcal{P}\}, \delta_0, \delta_{>0})$ defines a transition system
$T(\mathcal{O}) = (Q \times \mathbb{N}, \{Q_p \times \mathbb{N} \mid p \in \mathcal{P}\}, \to)$, where $(q, n) \to (q', n + k)$ if and only if either $n = 0$ and
$(q, k, q') \in \delta_0$, or $n > 0$ and $(q, k, q') \in \delta_{>0}$.

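More details on CTL and EF can be found for instance in [2]. Formulas $\varphi$ of the logic CTL are given
by the following grammar, where $p \in \mathcal{P}$,

$$\varphi ::= p \mid \neg\varphi \mid \varphi \wedge \varphi \mid \exists\mathsf{X}\varphi \mid \exists\varphi\mathsf{U}\varphi \mid \exists\varphi\mathsf{WU}\varphi.$$

Given a transition system $T = (S, \{S_p \mid p \in \mathcal{P}\}, \to)$ and a CTL formula $\varphi$, we define the semantics
$[\![\varphi]\!]_T \subseteq S$ by induction on the structure of $\varphi$ as follows:

$[\![p]\!]_T = S_p$ for each $p \in \mathcal{P}$

$[\![\neg\varphi]\!]_T = S \setminus [\![\varphi]\!]_T$

$[\![\varphi_1 \wedge \varphi_2]\!]_T = [\![\varphi_1]\!]_T \cap [\![\varphi_2]\!]_T$

$[\![\exists\mathsf{X}\varphi]\!]_T = \{s \in S \mid \exists s' \in [\![\varphi]\!]_T : s \to s'\}$

$[\![\exists\varphi_1\mathsf{U}\varphi_2]\!]_T = \{s \in S \mid \exists \pi \in \mathrm{path}_+(T) : \pi_1 = s, \pi_{|\pi|} \in [\![\varphi_2]\!]_T, \forall i \in [|\pi| - 1] : \pi_i \in [\![\varphi_1]\!]_T\}$

$[\![\exists\varphi_1\mathsf{WU}\varphi_2]\!]_T = [\![\exists\varphi_1\mathsf{U}\varphi_2]\!]_T \cup \{s \in S \mid \exists \pi \in \mathrm{path}_\omega(T) : \pi_1 = s, \forall i \ge 1 : \pi_i \in [\![\varphi_1]\!]_T\}$

We write $(T, s) \models \varphi$ as an abbreviation for $s \in [\![\varphi]\!]_T$. When additionally $T$ is clear from the context, we
just write $s \models \varphi$. We introduce the usual abbreviations $\varphi_1 \vee \varphi_2 = \neg(\neg\varphi_1 \wedge \neg\varphi_2)$, $\mathsf{true} = p \vee \neg p$ for some
$p \in \mathcal{P}$, $\forall\mathsf{X}\varphi = \neg\exists\mathsf{X}\neg\varphi$, $\exists\mathsf{F}\varphi = \exists\,\mathsf{true}\,\mathsf{U}\varphi$, and $\exists\mathsf{G}\varphi = \exists\varphi\,\mathsf{WU}\,\mathsf{false}$. Formulas of the CTL-fragment
EF are given by the following grammar, where $p \in \mathcal{P}$,

$$\varphi ::= p \mid \neg\varphi \mid \varphi \wedge \varphi \mid \exists\mathsf{X}\varphi \mid \exists\mathsf{F}\varphi.$$

Define the size $|\varphi|$ of CTL formulas $\varphi$ inductively as follows: $|p| = 1$, $|\neg\varphi| = |\varphi| + 1$, $|\varphi_1 \wedge \varphi_2| =
|\varphi_1| + |\varphi_2| + 1$, $|\exists\mathsf{X}\varphi| = |\varphi| + 1$, and $|\exists\varphi_1\mathsf{U}\varphi_2| = |\exists\varphi_1\mathsf{WU}\varphi_2| = |\varphi_1| + |\varphi_2| + 1$.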



4 CTL on OCPs: Periodic behaviour and upper bounds 

The goal of this section is to prove a periodicity property of CTL over one-counter processes. We will 
use this property in order to establish an upper bound for CTL on OCPs, see Theorem 2. As a corollary, 
we show that for a fixed one-counter process, CTL model checking restricted to formulas of fixed leftward 
until depth (see the definition below) can be done in polynomial time, see Corollary 3. For this, let us define 
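the leftward until depth lud of CTL formulas inductively as follows:

$\mathrm{lud}(p) = 0$ for each $p \in \mathcal{P}$

$\mathrm{lud}(\neg\varphi) = \mathrm{lud}(\varphi)$

$\mathrm{lud}(\varphi_1 \wedge \varphi_2) = \max\{\mathrm{lud}(\varphi_1), \mathrm{lud}(\varphi_2)\}$

$\mathrm{lud}(\exists\mathsf{X}\varphi) = \mathrm{lud}(\varphi)$

$\mathrm{lud}(\exists\varphi_1\mathsf{U}\varphi_2) = \max\{\mathrm{lud}(\varphi_1) + 1, \mathrm{lud}(\varphi_2)\}$

$\mathrm{lud}(\exists\varphi_1\mathsf{WU}\varphi_2) = \max\{\mathrm{lud}(\varphi_1) + 1, \mathrm{lud}(\varphi_2)\}$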



A similar definition of the until depth can be found in [21], but there the until depth of $\exists\varphi_1\mathsf{U}\varphi_2$ is 1 plus
the maximum of the until depths of $\varphi_1$ and $\varphi_2$. Note that $\mathrm{lud}(\varphi) \le 1$ for each EF formula $\varphi$.

Let us fix some one-counter process $\mathcal{O} = (Q, \{Q_p \mid p \in \mathcal{P}\}, \delta_0, \delta_{>0})$ for the rest of this section. Let us
introduce a bit more notation. Let $\odot \in \{+, -\}$, let $\delta \in \mathbb{N}$, and let $\pi = (q_1, n_1) \to (q_2, n_2) \cdots \to (q_k, n_k)$
(resp. $\pi = (q_1, n_1) \to (q_2, n_2) \to \cdots$) be a finite (resp. infinite) path in $T(\mathcal{O})$ such that moreover
$n_i, n_i \odot \delta > 0$ for all $i$. Define $\pi \odot \delta$ to be the path that emerges from $\pi$ by replacing each $n_i$ by $n_i \odot \delta$.
For each position $i$ and $j$ of $\pi$ with $i \le j$, define $\pi[i, j]$ to be the subpath of $\pi$ that begins in $(q_i, n_i)$ and
that ends in $(q_j, n_j)$.

We aim to prove the following: For each CTL formula $\varphi$ we can compute some threshold $t$ and some
period $p$, where $t, p \in \exp(|\mathcal{O}| \cdot |\varphi|)$, such that for all $n \in \mathbb{N}$ with $n > t$ only $n$'s residue class modulo $p$
determines whether $(q, n) \in [\![\varphi]\!]_{T(\mathcal{O})}$ or not, where $q \in Q$ is an arbitrary control location. The goal of this
section is to give rather precise bounds on the size of the threshold $t$ and the period $p$ embracing the notion
of leftward until depth from above.

Let us assume that $|Q| = k$. Define $K = \mathrm{LCM}([k])$ and $K_\varphi = K^{\mathrm{lud}(\varphi)}$ for each CTL formula $\varphi$.

Theorem 1. Let $\varphi$ be a CTL formula. Then we can compute in polynomial time a threshold

$$t(\varphi) \le 2 \cdot |\varphi| \cdot k^2 \cdot K_\varphi$$

such that for all $n, n' > t(\varphi)$ that satisfy $n \equiv n' \bmod K_\varphi$ we have

$$(q, n) \in [\![\varphi]\!]_{T(\mathcal{O})} \text{ if and only if } (q, n') \in [\![\varphi]\!]_{T(\mathcal{O})} \qquad (1)$$

for each control location $q \in Q$.

Proof. We prove the theorem by induction on the structure of $\varphi$. That $t(\varphi)$ can be computed in polynomial
time will be obvious.

Assume $\varphi \in \mathcal{P}$. Then we put $t(\varphi) = 0$. Recall that $K_\varphi = K^{\mathrm{lud}(\varphi)} = 1$. Trivially, (1) holds.
Assume $\varphi = \neg\psi$. Then we put $t(\varphi) = t(\psi)$. Equation (1) follows immediately by induction hypothesis.
Assume $\varphi = \psi_1 \wedge \psi_2$. Then we put $t(\varphi) = \max\{t(\psi_1), t(\psi_2)\}$. We have

$$t(\varphi) = \max\{t(\psi_1), t(\psi_2)\} \le \max\{2 \cdot |\psi_i| \cdot k^2 \cdot K_{\psi_i} \mid i \in \{1, 2\}\} \le 2 \cdot |\varphi| \cdot k^2 \cdot K_\varphi$$

and hence $t(\varphi)$ satisfies the requirement of the theorem. Note that $K_\varphi = \mathrm{LCM}\{K_{\psi_1}, K_{\psi_2}\}$ by definition.
By choice of $t(\varphi)$, Equation (1) holds immediately due to induction hypothesis.

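Assume $\varphi = \exists\mathsf{X}\psi$. Then we put $t(\varphi) = t(\psi) + K_\psi$. Thus we get

$$t(\varphi) = t(\psi) + K_\psi \overset{\text{IH}}{\le} 2 \cdot |\psi| \cdot k^2 \cdot K_\psi + K_\psi \le 2 \cdot (|\psi| + 1) \cdot k^2 \cdot K_\psi$$

and hence $t(\varphi)$ satisfies the requirement of the theorem. Since $t(\varphi) - t(\psi) = K_\psi \ge 1$, we have that (1)
follows immediately by induction hypothesis.

[Figure 1. Axes: counter value; $\mathcal{O}$'s control locations. Marked levels: $T = \max\{t(\psi_1), t(\psi_2)\}$ and $t(\varphi) = T + 2 \cdot k^2 \cdot K_\varphi$.]

Fig. 1. The until case.

Assume $\varphi = \exists\psi_1\mathsf{U}\psi_2$. Let us first define the threshold. Let $T = \max\{t(\psi_1), t(\psi_2)\}$. We put $t(\varphi) =
T + 2 \cdot k^2 \cdot K_\varphi$. Hence we have

$$\begin{aligned}
t(\varphi) &= T + 2 \cdot k^2 \cdot K_\varphi \\
&\le \max\{2 \cdot |\psi_i| \cdot k^2 \cdot K_{\psi_i} \mid i \in \{1, 2\}\} + 2 \cdot k^2 \cdot K_\varphi \\
&\le 2 \cdot ((|\varphi| - 1) + 1) \cdot k^2 \cdot K_\varphi \\
&= 2 \cdot |\varphi| \cdot k^2 \cdot K_\varphi
\end{aligned}$$

and thus $t(\varphi)$ satisfies the requirement of the theorem. It remains to prove (1).

Recall that $K_\varphi = \mathrm{LCM}\{K \cdot K_{\psi_1}, K_{\psi_2}\}$ by definition. Let us fix an arbitrary control location $q \in Q$
and naturals $n, n' \in \mathbb{N}$ such that $t(\varphi) < n < n'$ and $n \equiv n' \bmod K_\varphi$. We have to prove that (1) holds, i.e.,
$(q, n) \in [\![\varphi]\!]_{T(\mathcal{O})}$ if and only if $(q, n') \in [\![\varphi]\!]_{T(\mathcal{O})}$. For this, let $\delta = n' - n$, which is a multiple of $K_\varphi$. The
current situation is shown in Figure 1.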

'Only-if': Let us assume that $(q, n) \in [\![\varphi]\!]_{T(\mathcal{O})}$. Hence, there exists a finite path

$$\pi = (q_1, n_1) \to (q_2, n_2) \cdots \to (q_l, n_l),$$

where $l \ge 1$, $\pi[1, l - 1]$ is a $[\![\psi_1]\!]_{T(\mathcal{O})}$-path, $(q, n) = (q_1, n_1)$, and $(q_l, n_l) \in [\![\psi_2]\!]_{T(\mathcal{O})}$. Now we make a
case distinction.

[Figure 2. Axes: counter value; $\mathcal{O}$'s control locations. Marked level: $T = \max\{t(\psi_1), t(\psi_2)\}$.]

Fig. 2. The path $\pi + \delta$ witnesses $(q, n') \in [\![\varphi]\!]_{T(\mathcal{O})}$.

Case A: $n_j > T$ for each $j \in [l]$. Since $K_{\psi_1} \mid \delta$ and $K_{\psi_2} \mid \delta$ we obtain that $\pi + \delta$ witnesses $(q, n') \in [\![\varphi]\!]_{T(\mathcal{O})}$
by induction hypothesis. This is depicted in Figure 2.

Case B: $n_j \le T$ for some $j \in [l]$. For each of $\pi$'s counter values $h \in \{n_i \mid i \in [l]\}$, define

$$\mu(h) = \min\{i \in [l] \mid n_i = h\}$$

to be the minimal position in $\pi$ whose corresponding state has counter value $h$. We are interested in $\pi$'s
first states of counter value $n$, $n - K_{\psi_1}$, $n - 2 \cdot K_{\psi_1}$, and so on. For this, define $m(i) = \mu(n - i \cdot K_{\psi_1})$ for
every appropriate $i \in \mathbb{N}$. By the pigeonhole principle, there are distinct $i_1, i_2 \in [0, k]$ such that $i_1 < i_2$ and
$q_{m(i_1)} = q_{m(i_2)}$. Note that $i_1$ and $i_2$ are well-defined since

$$n - i_1 \cdot K_{\psi_1} > n - i_2 \cdot K_{\psi_1} \ge n - k \cdot K_{\psi_1} > T + 2 \cdot k^2 \cdot K_\varphi - k \cdot K_{\psi_1} > T.$$

Let $p = q_{m(i_1)} = q_{m(i_2)}$ and $d = i_2 - i_1 \in [k]$. Hence, $d$ divides $K$. Moreover, let $\sigma$ denote $\pi$'s
subpath from $(q_{m(i_1)}, n_{m(i_1)}) = (p, n - i_1 \cdot K_{\psi_1})$ down to $(q_{m(i_2)}, n_{m(i_2)}) = (p, n - i_2 \cdot K_{\psi_1}) =
(p, n - i_1 \cdot K_{\psi_1} - d \cdot K_{\psi_1})$, i.e., formally $\sigma = \pi[m(i_1), m(i_2)]$. The current situation is depicted in
Figure 3. The path $\sigma$ is indicated thick.
[Figure 3. Axes: counter value; $\mathcal{O}$'s control locations. Marked levels: $T = \max\{t(\psi_1), t(\psi_2)\}$ and $t(\varphi) = T + 2 \cdot k^2 \cdot K_\varphi$.]

Fig. 3. The path from $(q, n)$ can be merged from $(q, n')$.

[Figure 4. Axes: counter value; $\mathcal{O}$'s control locations. Marked levels: $T = \max\{t(\psi_1), t(\psi_2)\}$ and $t(\varphi) = T + 2 \cdot k^2 \cdot K_\varphi$.]

Fig. 4. Shortening paths above $T$ of height difference at least $k \cdot K \cdot K_{\psi_1}$ by height $K \cdot K_{\psi_1}$.



We have to prove $(q, n') \in [\![\varphi]\!]_{T(\mathcal{O})}$. For this, we show that there exists a $[\![\psi_1]\!]_{T(\mathcal{O})}$-path $\pi'$ from
$(q, n')$ down to $(q_{m(i_1)}, n_{m(i_1)}) = (p, n - i_1 \cdot K_{\psi_1})$. Thus, since $\pi'$ meets $\pi$ in $(p, n - i_1 \cdot K_{\psi_1})$, it
follows $(q, n') \in [\![\varphi]\!]_{T(\mathcal{O})}$. The path $\pi'$ is indicated by a dashed curve in Figure 3. Our path $\pi'$ consists
of two concatenated paths. First recall that the path $\sigma$ loses a counter height of precisely $d \cdot K_{\psi_1}$. The first
part of $\pi'$ is the path $\pi[1, m(i_1)]$ shifted upwards by the offset $\delta$. The second part of $\pi'$ is the path from
$(q_{m(i_1)}, n_{m(i_1)} + \delta) = (p, n - i_1 \cdot K_{\psi_1} + \delta)$ down to $(q_{m(i_1)}, n_{m(i_1)}) = (p, n - i_1 \cdot K_{\psi_1})$ that we can
obtain by first shifting $\sigma$ up by the offset $\delta$ and then downward pumping it precisely $\frac{\delta}{d \cdot K_{\psi_1}}$ many times.
This is possible since $\delta$ is a multiple of $K_\varphi$, which is in turn a multiple of $K \cdot K_{\psi_1}$, hence
$\frac{\delta}{d \cdot K_{\psi_1}} \in \mathbb{N}$.

'If': Assume that $(q, n') \in [\![\varphi]\!]_{T(\mathcal{O})}$. To prove that $(q, n) \in [\![\varphi]\!]_{T(\mathcal{O})}$, we will use the following claim.

Claim: Assume some $[\![\psi_1]\!]_{T(\mathcal{O})}$-path $(q_1, n_1) \to (q_2, n_2) \cdots \to (q_l, n_l)$ whose counter values are all
strictly above $T$ and where $n_1 - n_l \ge k^2 \cdot K \cdot K_{\psi_1}$. Then there exists a $[\![\psi_1]\!]_{T(\mathcal{O})}$-path from $(q_1, n_1)$ to
$(q_l, n_l + K \cdot K_{\psi_1})$ strictly above $T + K \cdot K_{\psi_1}$. The statement of the claim is depicted in Figure 4.

Thus, the claim tells us that paths that lose height at least $k^2 \cdot K \cdot K_{\psi_1}$ and whose states all have counter
values strictly above $T$ can be lifted by a height precisely $K \cdot K_{\psi_1}$.

Let us postpone the proof of the claim and first finish the proof of the if-direction. Since by assumption
$(q, n') \in [\![\varphi]\!]_{T(\mathcal{O})}$, there exists a finite path

$$\pi = (q_1, n_1) \to (q_2, n_2) \cdots \to (q_l, n_l),$$
where $\pi[1, l - 1]$ is a $[\![\psi_1]\!]_{T(\mathcal{O})}$-path, $(q, n') = (q_1, n_1)$, and where $(q_l, n_l) \in [\![\psi_2]\!]_{T(\mathcal{O})}$. To prove $(q, n) \in
[\![\varphi]\!]_{T(\mathcal{O})}$, we make a case distinction.

Case A: $n_j > T$ for each $j \in [l]$. Assume that the path $\pi[1, l - 1]$ contains two states whose counter
difference is at least $k^2 \cdot K \cdot K_{\psi_1} + K_\varphi$ which is (strictly) greater than $k^2 \cdot K \cdot K_{\psi_1}$. Since $K_\varphi$ is a multiple
of $K \cdot K_{\psi_1}$ by definition, we can shorten $\pi[1, l - 1]$ by a height precisely $K_\varphi$ by applying the above claim
$\frac{K_\varphi}{K \cdot K_{\psi_1}} \in \mathbb{N}$ many times. We repeat this shortening process of $\pi[1, l - 1]$ by height $K_\varphi$ until this is no
longer possible, i.e., until there are no two states whose counter difference is at least $k^2 \cdot K \cdot K_{\psi_1} + K_\varphi$.
Let $\sigma$ denote the $[\![\psi_1]\!]_{T(\mathcal{O})}$-path starting in $(q, n')$ that we obtain from $\pi[1, l - 1]$ once the before mentioned
shortening is no longer possible. Thus, $\sigma$ ends in some state with a counter value that is congruent $n_{l-1}$
modulo $K_\varphi$ (since we shortened $\pi[1, l - 1]$ by a multiple of $K_\varphi$). Since $K_\varphi$ is in turn a multiple of $K_{\psi_2}$,
we can build a path $\sigma'$ which extends the path $\sigma$ by a single transition to some state that satisfies $\psi_2$ by
induction hypothesis. Moreover, by our shortening process, the counter difference between any two states
in $\sigma'$ is at most

$$k^2 \cdot K \cdot K_{\psi_1} + K_\varphi \le 2 \cdot k^2 \cdot K_\varphi.$$

Since $n > T + 2 \cdot k^2 \cdot K_\varphi$, it follows that the path $\sigma' - \delta$ (which starts in $(q, n)$) is strictly above
$T$. Moreover, since $\delta$ is a multiple of $K_{\psi_1}$ and $K_{\psi_2}$, this path witnesses $(q, n) \in [\![\varphi]\!]_{T(\mathcal{O})}$ by induction
hypothesis.

Case B: $n_j \le T$ for some $j \in [l]$. Let $j_0 \in [l]$ be minimal such that $n_{j_0} = T$. Note that $\pi[1, j_0 - 1]$ is
a $[\![\psi_1]\!]_{T(\mathcal{O})}$-path whose counter values are all strictly above $T$. Moreover the maximal counter difference
between two states of $\pi[1, j_0 - 1]$ is at least

$$2 \cdot k^2 \cdot K_\varphi - 1 + \delta \ge k^2 \cdot K \cdot K_{\psi_1} + \delta.$$

Hence, in analogy to case A, we can shorten $\pi[1, j_0 - 1]$ precisely by height $\delta$. Let $\sigma$ denote the resulting
path. Then $\sigma - \delta$ is a $[\![\psi_1]\!]_{T(\mathcal{O})}$-path that ends in $(q_{j_0 - 1}, n_{j_0 - 1})$ and starts in $(q, n)$. We can append
$\pi[j_0 - 1, l]$ to this path. The resulting path witnesses $(q, n) \in [\![\varphi]\!]_{T(\mathcal{O})}$.

It remains to prove the above claim.

Proof of the claim. For each counter value $h \in \{n_i \mid i \in [l]\}$ that appears in $\pi$, let

$$\mu(h) = \min\{i \in [l] \mid n_i = h\}$$

denote the minimal position in $\pi$ whose corresponding state has counter value $h$. Define $\Delta = k \cdot K_{\psi_1}$. We
will be interested in $k \cdot K$ many consecutive intervals (of counter values) each of size $\Delta$; we will call these
intervals blocks. Define the bottom $b = n_1 - (k \cdot K) \cdot \Delta$. A block is an interval $B_i = [b + (i - 1) \cdot \Delta, b + i \cdot \Delta]$
for some $i \in [k \cdot K]$. Since each block has size $\Delta = k \cdot K_{\psi_1}$, we can think of each block $B_i$ to consist of
$k$ consecutive subblocks of size $K_{\psi_1}$ each. Note that each subblock has two extremal elements, namely its
upper and lower boundary. Thus all $k$ subblocks have $k + 1$ boundaries in total. Hence, by the pigeonhole
principle, for each block $B_i$, there exists some distance $d_i \in [k]$ and two distinct boundaries $\beta(i, 1)$ and
$\beta(i, 2)$ of distance $d_i \cdot K_{\psi_1}$ such that the control location of $\pi$'s earliest state of counter value $\beta(i, 1)$ agrees
with the control location of $\pi$'s earliest state of counter value $\beta(i, 2)$, i.e., formally

$$q_{\mu(\beta(i, 1))} = q_{\mu(\beta(i, 2))}.$$

The situation is depicted in Figure 5. Observe that shortening the path $\pi$ by gluing together $\pi$'s states
at position $\mu(\beta(i, 1))$ and $\mu(\beta(i, 2))$ still results in a $[\![\psi_1]\!]_{T(\mathcal{O})}$-path by induction hypothesis, since we
shortened the height of $\pi$ by a multiple of $K_{\psi_1}$. Our overall goal is to shorten $\pi$ by gluing together states
only of certain blocks such that we obtain a path whose height is in total precisely $K \cdot K_{\psi_1}$ smaller than
$\pi$'s.

Recall that there are $k \cdot K$ many blocks. By the pigeonhole principle there is some $d \in [k]$ such that
$d_i = d$ for at least $K$ many blocks $B_i$. By gluing together $\frac{K}{d} \in \mathbb{N}$ pairs of states of distance $d \cdot K_{\psi_1}$ each,
we shorten $\pi$ by a height of $\frac{K}{d} \cdot d \cdot K_{\psi_1} = K \cdot K_{\psi_1}$. This proves the claim.

Assume $\varphi = \exists\psi_1\mathsf{WU}\psi_2$. This can easily be seen to be proven analogously to the case when $\varphi = \exists\psi_1\mathsf{U}\psi_2$.

□
[Figure 5. Axes: counter value; $\mathcal{O}$'s control locations.]

Fig. 5. Repeating control locations in blocks



Theorem 2. The following problem can be solved in time $O(\log(n) + |Q|^3 \cdot |\varphi|^2 \cdot 4^{|Q| \cdot \mathrm{lud}(\varphi)} \cdot |\delta_0 \cup \delta_{>0}|)$:
INPUT: A one-counter process $\mathcal{O} = (Q, \{Q_p \mid p \in \mathcal{P}\}, \delta_0, \delta_{>0})$, a CTL formula $\varphi$, a control location
$q \in Q$ and some natural $n \in \mathbb{N}$ given in binary.
QUESTION: $(q, n) \in [\![\varphi]\!]_{T(\mathcal{O})}$?

Proof. Let $k = |Q|$. We first compute the threshold $t(\varphi) \le 2 \cdot |\varphi| \cdot k^2 \cdot K_\varphi$ from Theorem 1. Then we
have $(q, n) \in [\![\varphi]\!]_{T(\mathcal{O})}$ if and only if $(q, m) \in [\![\varphi]\!]_{T(\mathcal{O})}$, where either $n = m \le t(\varphi)$ or $n > t(\varphi)$ and
$m$ is the unique number in the interval $[t(\varphi) + 1, t(\varphi) + K_\varphi]$, which is congruent $n$ modulo $K_\varphi$. We can
find this number in time $O(\log(n))$. Now we check $(q, m) \in [\![\varphi]\!]_{T(\mathcal{O})}$ using the standard algorithm for
model checking CTL on finite transition systems. The only difference is that if we reach a counter value of
$t(\varphi) + K_\varphi + 1$, then we replace this value by $t(\varphi) + 1$. More precisely, we compute inductively for every
subformula $\psi$ of $\varphi$ the set

$$S(\psi) = [\![\psi]\!]_{T(\mathcal{O})} \cap (Q \times [t(\varphi) + K_\varphi]).$$

Let us sketch the case of an until formula $\psi = \exists\psi_1\mathsf{U}\psi_2$. By induction, we have already computed the sets
$S(\psi_1)$ and $S(\psi_2)$. The set $S(\psi)$ is computed by a fixpoint iteration. Initially, we put all elements from
$S(\psi_2)$ into $S(\psi)$. Then, we perform the following fixpoint iteration process as long as possible. Assume
that $(p, k) \in S(\psi_1)$ is a state, which does not belong to the current $S(\psi)$. Assume that $(p, k)$ has a $T(\mathcal{O})$-successor
(where a counter value of $t(\varphi) + K_\varphi + 1$ is reduced to $t(\varphi) + 1$) in $S(\psi)$. Then we add $(p, k)$ to
$S(\psi)$. The correctness of this fixpoint iteration process follows from Theorem 1. The size of each set $S(\psi)$
is bounded by $O(|Q| \cdot |\varphi| \cdot k^2 \cdot K_\varphi) \subseteq O(|Q|^3 \cdot |\varphi| \cdot 4^{|Q| \cdot \mathrm{lud}(\varphi)})$. Computing $S(\psi)$ can be done in time
$O(|Q|^3 \cdot |\varphi| \cdot 4^{|Q| \cdot \mathrm{lud}(\varphi)} \cdot |\delta_0 \cup \delta_{>0}|)$. Hence, the total time bound is
$O(\log(n) + |Q|^3 \cdot |\varphi|^2 \cdot 4^{|Q| \cdot \mathrm{lud}(\varphi)} \cdot |\delta_0 \cup \delta_{>0}|)$. □

Corollary 3. For every fixed one-counter process $\mathcal{O} = (Q, \{Q_p \mid p \in \mathcal{P}\}, \delta_0, \delta_{>0})$ and every fixed $k$ the
following problem is in P:

INPUT: A CTL formula $\varphi$ with $\mathrm{lud}(\varphi) \le k$, a control location $q \in Q$ and some natural $n \in \mathbb{N}$ given in
binary.

QUESTION: $(q, n) \in [\![\varphi]\!]_{T(\mathcal{O})}$?

Corollary 3 generalizes a result from [12], stating that the expression complexity of EF over one-counter 
processes is in P. 
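
The procedure from the proof of Theorem 2, as an added Python example that is not code from the paper: it computes lud, the threshold t(φ) chosen in the proof of Theorem 1 and the period K_φ = K^lud(φ) (which agrees with the LCM identities used in that proof), reduces a large counter value n to its representative m, and runs the fixpoint iteration on the folded system. The tuple encoding of formulas, the function names, the dictionary layout of the OCP and the sample process PARITY are assumptions made for this example; the weak-until case is handled as a greatest fixpoint, which the proof does not spell out.

```python
from functools import reduce
from math import gcd

# Formula encoding (constructed for this example): nested tuples
#   ("ap", p) | ("not", f) | ("and", f, g) | ("EX", f) | ("EU", f, g) | ("EWU", f, g)

def lud(f):
    """Leftward until depth, by the inductive definition in Section 4."""
    op = f[0]
    if op == "ap":
        return 0
    if op in ("not", "EX"):
        return lud(f[1])
    if op == "and":
        return max(lud(f[1]), lud(f[2]))
    return max(lud(f[1]) + 1, lud(f[2]))            # EU and EWU

def threshold(f, k, K):
    """Threshold t(f), chosen case by case as in the proof of Theorem 1."""
    op = f[0]
    if op == "ap":
        return 0
    if op == "not":
        return threshold(f[1], k, K)
    if op == "and":
        return max(threshold(f[1], k, K), threshold(f[2], k, K))
    if op == "EX":
        return threshold(f[1], k, K) + K ** lud(f[1])
    T = max(threshold(f[1], k, K), threshold(f[2], k, K))
    return T + 2 * k * k * K ** lud(f)               # EU and EWU

def bounds(ocp, f):
    """Return (t(f), K_f) for k = |Q| and K = LCM([k])."""
    k = len(ocp["Q"])
    K = reduce(lambda a, b: a * b // gcd(a, b), range(1, k + 1), 1)
    return threshold(f, k, K), K ** lud(f)

def representative(n, t, period):
    """The m of Theorem 2's proof: n itself if n <= t, else the unique
    number in [t + 1, t + period] congruent to n modulo period."""
    return n if n <= t else t + 1 + (n - t - 1) % period

def check(ocp, f, q, n):
    """Decide (q, n) |= f on the folded finite system Q x {0, ..., t + K_f}."""
    t, period = bounds(ocp, f)
    top = t + period
    states = {(s, c) for s in ocp["Q"] for c in range(top + 1)}

    def succ(s, c):
        rules = ocp["zero"] if c == 0 else ocp["pos"]
        for (src, d, dst) in rules:
            if src == s:
                c2 = c + d
                # counter value t + K_f + 1 is replaced by t + 1
                yield (dst, t + 1 if c2 == top + 1 else c2)

    def sat(g):
        op = g[0]
        if op == "ap":
            return {(s, c) for (s, c) in states if s in ocp["labels"].get(g[1], ())}
        if op == "not":
            return states - sat(g[1])
        if op == "and":
            return sat(g[1]) & sat(g[2])
        if op == "EX":
            inner = sat(g[1])
            return {x for x in states if any(y in inner for y in succ(*x))}
        left, right = sat(g[1]), sat(g[2])
        if op == "EU":                                # least fixpoint
            S = set(right)
            while True:
                new = {x for x in left - S if any(y in S for y in succ(*x))}
                if not new:
                    return S
                S |= new
        S = left | right                              # EWU: greatest fixpoint
        while True:
            keep = {x for x in S if x in right or any(y in S for y in succ(*x))}
            if keep == S:
                return S
            S = keep

    return (q, representative(n, t, period)) in sat(f)

# Constructed sample OCP: two locations that alternate on every counter step,
# no zero transitions, atomic proposition "e" holding exactly in location "e".
PARITY = {
    "Q": {"e", "o"},
    "labels": {"e": {"e"}},
    "zero": set(),
    "pos": {("e", -1, "o"), ("o", -1, "e"), ("e", 1, "o"), ("o", 1, "e")},
}
TRUE = ("not", ("and", ("ap", "e"), ("not", ("ap", "e"))))
# "(e, 0) is reachable": E[ true U (e and not EX true) ]
REACH_E0 = ("EU", TRUE, ("and", ("ap", "e"), ("not", ("EX", TRUE))))

if __name__ == "__main__":
    print(bounds(PARITY, REACH_E0))
    print(check(PARITY, REACH_E0, "e", 10**30))
```

On PARITY the formula REACH_E0 holds in (e, n) exactly for even n, so the binary-encoded input 10**30 is decided on a 40-state folded system after one modular reduction.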



5 Expression complexity for CTL is hard for PSPACE

The goal of this section is to prove that model checking CTL is PSPACE-hard already over a fixed
one-counter net. We show this via a reduction from the well-known PSPACE-complete problem QBF. Our
lower bound proof is separated into three steps. In step one, we define a family of CTL formulas $(\varphi_i)_{i \ge 1}$
such that over the fixed one-counter net $\mathcal{O}$ that is depicted in Figure 6 we can express (non-)divisibility
by $2^i$. In step two, we define a family of CTL formulas $(\psi_i)_{i \ge 1}$ such that over $\mathcal{O}$ we can express if the
$i$-th bit in the binary representation of a natural is set to 1. In our final step, we give the reduction from QBF.

For step one, we need the following simple fact which characterizes divisibility by powers of two.
Recall that $[n] = \{1, \ldots, n\}$, in particular $[0] = \emptyset$.

Fact 4. Let $n \ge 0$ and $i \ge 1$. Then the following two statements are equivalent:

- $2^i$ divides $n$.

- $2^{i-1}$ divides $n$ and $|\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}|$ is even.

The set of atomic propositions of O in Figure 6 coincides with its control locations. Recall that O's zero 
transitions are denoted by Sq and O's positive transitions are denoted by 5>o. Since So C 5>o. we have that 
O is indeed a one-counter net. 

Note that both $t$ and $\bar{t}$ are control locations of $O$. Now we define a family of CTL formulas $(\varphi_i)_{i \geq 1}$ such that for each $n \in \mathbb{N}$ we have that first $(t, n) \models \varphi_i$ if and only if $2^i$ divides $n$ and second $(\bar{t}, n) \models \varphi_i$ if and only if $2^i$ does not divide $n$. On first sight, it might seem superfluous to let the control location $t$ represent divisibility by powers of two and the control location $\bar{t}$ represent non-divisibility by powers of two since CTL allows negation. However, the fact that we have only one family of formulas $(\varphi_i)_{i \geq 1}$ to express both divisibility and non-divisibility is a crucial technical subtlety that is necessary in order to avoid an exponential blowup in formula size. By making use of Fact 4, we construct the formulas inductively. First, let us define the auxiliary formulas $\mathsf{test} = t \vee \bar{t}$ and $\varphi_\diamond = q_0 \vee q_1 \vee q_2 \vee q_3$. Think of $\varphi_\diamond$ to hold in those control locations that altogether are situated in the "diamond" in Figure 6. We define

$$\varphi_1 = \mathsf{test} \wedge \exists X (f \wedge EF(f \wedge \neg\exists X g)).$$

Now assume $i > 1$. Then we define

$$\varphi_i = \mathsf{test} \wedge \exists X \mu_i, \quad \text{where}$$

$$\mu_i = \exists\bigl((\varphi_\diamond \wedge \exists X \varphi_{i-1}) \; U \; (q_0 \wedge \neg\exists X q_1)\bigr).$$

Observe that $\varphi_i$ can only be true either in control location $t$ or $\bar{t}$. Note that the formula right to the until symbol expresses that we are in $q_0$ and that the current counter value is zero. Also note that the formula left to the until symbol requires that $\varphi_\diamond$ holds, i.e., we are always in one of the four "diamond control locations". In other words, we decrement the counter by moving along the diamond control locations (by possibly looping) and always check if $\exists X \varphi_{i-1}$ holds, just until we are in $q_0$ and the counter value is zero. Since $\varphi_{i-1}$ is only used once in $\varphi_i$, we get:

Fact 5. $|\varphi_i| \in O(i)$.

Fig. 6. The one-counter net $O$ for which CTL model checking is PSPACE-hard

The following lemma shows the correctness of the construction. 
Lemma 6. Let $n \geq 0$ and $i \geq 1$. Then

(1) $(t, n) \models \varphi_i$ if and only if $2^i$ divides $n$.

(2) $(\bar{t}, n) \models \varphi_i$ if and only if $2^i$ does not divide $n$.

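Proof. We prove statements (1) and (2) simultaneously by induction on $i$. For the induction base, assume $i = 1$. We only show Point (2), i.e. $(\bar{t}, n) \in [\![\varphi_1]\!]_{T(O)}$ if and only if $n$ is odd. We have the following equivalences:

$$\begin{aligned}
(\bar{t}, n) \models \varphi_1 &\iff n \geq 1 \text{ and } (f, n-1) \models EF(f \wedge \neg\exists X g) \\
&\iff n \geq 1 \text{ and } (f, n-1) \rightarrow^* (f, 0) \\
&\iff n \geq 1 \text{ and } n - 1 \text{ is even} \\
&\iff n \text{ is odd}
\end{aligned}$$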

Point (1) can be shown analogously for i = 1. 

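For the induction step, assume $i \geq 2$ and that the statement in the lemma holds for $i - 1$. It is easy to verify by the construction of $O$ and by induction hypothesis that the following claim holds.

Claim A: For every $n \geq 1$ the following equivalences hold:

$$(q_0, n) \models \varphi_\diamond \wedge \exists X \varphi_{i-1} \iff (q_2, n) \models \varphi_\diamond \wedge \exists X \varphi_{i-1} \iff 2^{i-1} \text{ divides } n$$

$$(q_1, n) \models \varphi_\diamond \wedge \exists X \varphi_{i-1} \iff (q_3, n) \models \varphi_\diamond \wedge \exists X \varphi_{i-1} \iff 2^{i-1} \text{ does not divide } n$$

Using Claim A, one can easily show the following (recall that $\mu_i = \exists((\varphi_\diamond \wedge \exists X \varphi_{i-1}) \; U \; (q_0 \wedge \neg\exists X q_1))$):

Claim B: For every $n \geq 0$ the following equivalences hold:

$$\begin{aligned}
(q_0, n) \models \mu_i &\iff 2^{i-1} \text{ divides } n \text{ and } |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is even} \\
(q_1, n) \models \mu_i &\iff 2^{i-1} \text{ does not divide } n \text{ and } |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is odd} \\
(q_2, n) \models \mu_i &\iff 2^{i-1} \text{ divides } n \text{ and } |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is odd} \\
(q_3, n) \models \mu_i &\iff 2^{i-1} \text{ does not divide } n \text{ and } |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is even}
\end{aligned}$$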



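Let us now prove Point (1) from the lemma for $i \geq 2$. We have the following equivalences:

$$\begin{aligned}
(t, n) \models \varphi_i &\iff (q_0, n) \models \mu_i \\
&\overset{\text{Claim B}}{\iff} 2^{i-1} \text{ divides } n \text{ and } |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is even} \\
&\overset{\text{Fact 4}}{\iff} 2^i \text{ divides } n
\end{aligned}$$

For Point (2), we have the following equivalences:

$$\begin{aligned}
(\bar{t}, n) \models \varphi_i &\iff \exists j \in \{1, 2, 3\} : (q_j, n) \models \mu_i \\
&\iff 2^{i-1} \text{ does not divide } n \text{ and } |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is odd (i.e. } j = 1), \\
&\qquad \text{or } 2^{i-1} \text{ does not divide } n \text{ and } |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is even (i.e. } j = 3), \\
&\qquad \text{or } 2^{i-1} \text{ divides } n \text{ and } |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is odd (i.e. } j = 2) \\
&\iff 2^{i-1} \text{ does not divide } n \text{ or } (2^{i-1} \text{ divides } n \text{ and } |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is odd}) \\
&\iff 2^i \text{ does not divide } n
\end{aligned}$$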

□ 

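For expressing if the $i$-th bit of a natural is set to 1, we make use of the following fact.

Fact 7. Let $n \geq 0$ and $i \geq 1$. Then $\mathrm{bit}_i(n) = 1$ if and only if $|\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}|$ is odd.

Proof. We have

$$\begin{aligned}
\mathrm{bit}_i(n) = 1 &\iff n \bmod 2^i \in [2^{i-1}, 2^i - 1] \\
&\iff \exists r \in [0, 2^{i-1} - 1],\ k \geq 0 : n = r + (2k + 1) \cdot 2^{i-1} \\
&\iff |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is odd.}
\end{aligned}$$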

□ 

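Let us now define a family of CTL formulas $(\psi_i)_{i \geq 1}$ such that for each $n \in \mathbb{N}$ we have $\mathrm{bit}_i(n) = 1$ if and only if $(t, n) \models \psi_i$. We set

$$\psi_1 = \varphi_1 \quad \text{and}$$

$$\psi_i = t \wedge \exists X((q_1 \vee q_2) \wedge \mu_i) \quad \text{for each } i > 1.$$

Fact 5 and the construction of $\psi_i$ immediately yield the following fact.

Fact 8. $|\psi_i| \in O(i)$.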

The following lemma shows the correctness of the construction. 

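Lemma 9. Let $n \geq 0$ and let $i \geq 1$. Then $(t, n) \models \psi_i$ if and only if $\mathrm{bit}_i(n) = 1$.

Proof. The case $i = 1$ is covered by Lemma 6. For $i \geq 2$, the following equivalences hold:

$$\begin{aligned}
(t, n) \models \psi_i &\iff (q_1, n) \models \mu_i \text{ or } (q_2, n) \models \mu_i \\
&\overset{\text{Claim B}}{\iff} \text{either } 2^{i-1} \text{ does not divide } n \text{ and } |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is odd} \\
&\qquad \text{or } 2^{i-1} \text{ divides } n \text{ and } |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is odd} \\
&\iff |\{n' \in [n] \mid 2^{i-1} \text{ divides } n'\}| \text{ is odd} \\
&\overset{\text{Fact 7}}{\iff} \mathrm{bit}_i(n) = 1
\end{aligned}$$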

□ 

For our final step, let us give a reduction from QBF. Let $\alpha$ be the following quantified Boolean formula

$$\alpha = Q_k x_k \, Q_{k-1} x_{k-1} \cdots Q_1 x_1 \, \beta(x_1, \ldots, x_k),$$

where $\beta$ is a Boolean formula over variables $\{x_1, \ldots, x_k\}$ and $Q_i \in \{\exists, \forall\}$ is a quantifier for each $i \in [k]$. Our overall goal is to give a CTL formula $\theta$ such that our QBF formula $\alpha$ is valid if and only if $(t, 0) \models \theta$. A truth assignment $\vartheta : \{x_1, \ldots, x_k\} \rightarrow \{0, 1\}$ corresponds to the natural number $n(\vartheta) \in [0, 2^k - 1]$, where $\mathrm{bit}_i(n(\vartheta)) = 1$ if and only if $\vartheta(x_i) = 1$, for each $i \in [k]$. First, let $\hat\beta$ be the CTL formula that is obtained from the Boolean formula $\beta$ by replacing every occurrence of every variable $x_i$ by $\psi_i$. Hence we obtain that for each $\vartheta : \{x_1, \ldots, x_k\} \rightarrow \{0, 1\}$ we have $\vartheta \models \beta$ if and only if $(t, n(\vartheta)) \models \hat\beta$ by Lemma 9.

It remains to define $\theta$. Recall that $\theta$ will be evaluated in $(t, 0)$. Let us parse our quantified Boolean formula $\alpha$ from left to right. Setting the variable $x_k$ to 1 will correspond to adding $2^{k-1}$ to the counter and getting to state $(t, 2^{k-1})$. Setting $x_k$ to 0 on the other hand will correspond to adding 0 to the counter and hence remaining in state $(t, 0)$. Next, setting $x_{k-1}$ to 1 corresponds to adding $2^{k-2}$ to the current counter value, whereas setting $x_{k-1}$ to 0 corresponds to adding 0, as expected. Adding zero to the counter will be realized by the finite path that jumps from control location $t$ to $p_0$ and then back to $t$. Adding $2^{i-1}$ to the counter, on the other hand, will be realized by a finite path that jumps from control location $t$ to $p_1$ (and thereby adds 1 to the counter), then loops at $p_1$ as long as the counter value is not divisible by $2^{i-1}$ (which can be ensured by checking if $(p_1, n) \models \exists X(t \wedge \varphi_{i-1})$ by Lemma 6) and finally jumps back to $t$ when the counter value is divisible by $2^{i-1}$ for the first time again. We repeat this process until we have to set $x_1$ either to 1 or to 0. Eventually setting $x_1$ to 1 will correspond to going from $t$ to $p_1$ (hence adding 1 to the counter) and then getting back to $t$, whereas setting $x_1$ to 0 will correspond to going from $t$ to $p_0$ and then back to $t$. After that, we finally check if $\hat\beta$ holds. Recall that $Q_k, \ldots, Q_1$ are the quantifiers of our quantified Boolean formula $\alpha$. For each $i \in [2, k]$, let us define formula $\theta_i$ as

6i = Qi^^ {{Po V pi) Oi 3 {{po V 3X(t A U A A 6^-1))^ ^ and 

$$\theta_1 = Q_1 X\bigl((p_0 \vee p_1) \circ_1 \exists X \hat\beta\bigr)$$

with $\circ_i = \wedge$ in case $Q_i = \exists$ and $\circ_i = \rightarrow$ in case $Q_i = \forall$ for each $i \in [k]$. As expected, we put $\theta = \theta_k$. Observe that the size of $\theta$ is polynomial in the size of $\alpha$ and that $\theta$ can be computed in logarithmic space from $\alpha$. We finally obtain the following easy equivalence.

Lemma 10. The formula $\alpha$ is valid if and only if $(t, 0) \in [\![\theta]\!]_{T(O)}$.

This finishes our PSPACE lower bound proof for expression complexity of CTL over one-counter nets. We 
have the following theorem. 

Theorem 11. CTL model checking of the fixed one-counter net $O$ from Figure 6 is PSPACE-hard.

Note that the formula $\theta$ in our reduction necessarily has a leftward until depth that depends on the size of $\alpha$. By Corollary 3 this cannot be avoided unless P = PSPACE. Observe that in order to express divisibility by powers of two, our CTL formulas $(\varphi_i)_{i \geq 0}$ have a linearly growing leftward until depth.
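The arithmetic behind the three steps of this section can be replayed directly. The following is an added example, not code from the paper: it decides divisibility by $2^i$ only through the recursion of Fact 4, reads bits through Fact 7, realizes "add $2^{i-1}$" as the increment-and-loop path described above, and checks that the resulting quantifier game on the counter agrees with ordinary QBF evaluation. All function names are hypothetical, and the net $O$ and the CTL formulas themselves are not modelled.

```python
from functools import lru_cache


@lru_cache(maxsize=None)
def divides(i, n):
    """Does 2^i divide n? Decided only through the recursion of Fact 4."""
    if i == 0:
        return True
    return divides(i - 1, n) and count_multiples(i, n) % 2 == 0


def count_multiples(i, n):
    """|{n' in [n] : 2^(i-1) divides n'}| with [n] = {1, ..., n}."""
    return sum(1 for n2 in range(1, n + 1) if divides(i - 1, n2))


def bit(i, n):
    """bit_i(n) via Fact 7: the number of such multiples is odd."""
    return count_multiples(i, n) % 2


def add_power(i, n):
    """Counter effect of the path t -> p1 -> ... -> p1 -> t for variable x_i."""
    n += 1                          # the jump to p1 adds 1
    while not divides(i - 1, n):    # loop at p1 while 2^(i-1) does not divide n
        n += 1
    return n                        # first divisible value: jump back to t


def theta_valid(quants, beta):
    """Quantifier game on the counter; quants[i-1] is Q_i ('E' or 'A').

    Variables are fixed in the order x_k, ..., x_1 starting from counter 0;
    beta receives the assignment {i: bit_i(counter)} read back via Fact 7.
    """
    k = len(quants)

    def rec(i, n):
        if i == 0:
            return bool(beta({j: bit(j, n) for j in range(1, k + 1)}))
        # x_i = 0 leaves the counter unchanged, x_i = 1 adds 2^(i-1)
        branches = [rec(i - 1, n), rec(i - 1, add_power(i, n))]
        return any(branches) if quants[i - 1] == "E" else all(branches)

    return rec(k, 0)


def qbf_valid(quants, beta):
    """Reference semantics: evaluate Q_k x_k ... Q_1 x_1 beta directly."""
    k = len(quants)

    def rec(i, x):
        if i == 0:
            return bool(beta(x))
        branches = [rec(i - 1, {**x, i: b}) for b in (0, 1)]
        return any(branches) if quants[i - 1] == "E" else all(branches)

    return rec(k, {})
```

The loop in `add_power` adds exactly $2^{i-1}$ only because the counter is a multiple of $2^i$ when variable $x_i$ is processed, which holds since the variables are fixed from $x_k$ down to $x_1$.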



6 Tools from complexity theory



For Sections 7-9 we need some concepts from complexity theory. The $i$-th level $\mathrm{BH}_i$ of the Boolean hierarchy is defined as follows: $\mathrm{BH}_1 = \mathrm{NP}$, $\mathrm{BH}_{2i} = \{L_1 \cap L_2 \mid L_1 \in \mathrm{BH}_{2i-1}, L_2 \in \mathrm{coNP}\}$, and $\mathrm{BH}_{2i+1} = \{L_1 \cup L_2 \mid L_1 \in \mathrm{BH}_{2i}, L_2 \in \mathrm{NP}\}$. The Boolean hierarchy BH is defined as $\bigcup_{i \geq 1} \mathrm{BH}_i$. The class $P^{NP}$ is the class of all problems that can be solved on a polynomially time bounded deterministic Turing machine with access to an oracle from NP. By $P^{NP[\log]}$ we denote the class of all problems that can be solved on a polynomially time bounded deterministic Turing machine which can have access to an NP-oracle only logarithmically many times. It is known that $\mathrm{BH} \subseteq P^{NP[\log]}$.

For naturals $m \geq 1$ and $0 \leq M \leq 2^m - 1$ let $\mathrm{BIN}_m(M) = \mathrm{bit}_1(M) \cdots \mathrm{bit}_m(M) \in \{0, 1\}^m$ denote the $m$-bit binary representation of $M$. In [25], it was shown that the following problem is complete for $P^{NP}$.

INPUT: A Boolean formula $\psi(x_1, \ldots, x_m)$.

QUESTION: Is $\psi$ satisfiable and is the maximal number $M \in [0, 2^m - 1]$ with $\psi(\mathrm{BIN}_m(M)) = 1$ even (i.e. is the lexicographically maximal satisfying assignment even)?

6.1 Circuit complexity 

More details on circuit complexity can be found in [24]. A Boolean circuit C = C{xi, . . . ,a;„) is a 
directed acyclic graph (dag) with the following properties (in the following, nodes of C are called gates, 
the in-degree (resp. out-degree) of a gate is called its fan-in (resp. fan-out)): 

- The gates with fan-in 0 (they are called input gates in the following) are labeled with one of the symbols

- Every gate with fan-in at least one is labeled with either AND or with OR.

- The gates of fan-out 0 (they are called output gates in the following) are linearly ordered, we denote this order by $o_1, \ldots, o_m$ in the following.

Such a circuit computes a function $f_C : \{0, 1\}^n \rightarrow \{0, 1\}^m$ in the obvious way. Threshold circuits may in addition to Boolean circuits contain majority gates. Such a gate outputs 1 if and only if at least half of its input gates evaluate to 1. The fan-in of a circuit is the maximal fan-in of a gate in the circuit. The size of a circuit is the number of gates in the circuit. The depth of a circuit is the number of gates along a longest path from an input gate to an output gate. An $AC^0$-circuit family (resp. $TC^0$-circuit family) is a sequence $(C_n)_{n \geq 1}$ of Boolean circuits (resp. threshold circuits) such that for some polynomial $p(n)$ and constant $c$:

- the size of $C_n$ is at most $p(n)$,

- the depth of $C_n$ is at most $c$, and

- for each $m$ there is at most one circuit in $(C_n)_{n \geq 1}$ with exactly $m$ input gates.

An $NC^1$-circuit family is a sequence $(C_n)_{n \geq 1}$ of Boolean circuits such that for some polynomial $p(n)$ and constant $c$:

- the size of $C_n$ is at most $p(n)$,

- the depth of $C_n$ is at most $c \cdot \log(n)$,

- the fan-in of $C_n$ is at most 2, and

- for each $m$ there is at most one circuit in $(C_n)_{n \geq 1}$ with exactly $m$ input gates.

Circuit families of these types compute partial mappings on $\{0, 1\}^*$ in the obvious way.[1] Finally, a circuit family $(C_n)_{n \geq 0}$ is called logspace-uniform if there exists a logspace transducer that computes on input $1^n$ a representation (e.g. as a node-labeled dag) of the circuit $C_n$. In the literature on circuit complexity one can find more restrictive notions of uniformity, see e.g. [24], but logspace uniformity suffices for our purposes. In fact, polynomial time uniformity suffices for proving our lower bounds w.r.t. polynomial time reductions.

[1] Note that we do not require to have for every $n \geq 0$ a circuit with exactly $n$ input gates in the family, therefore the computed mapping is in general only partially defined.
For our lower bound on the data complexity of CTL, we use a deep result from [8, 15]. First, we need a few definitions. Let $p_i$ denote the $i$-th prime number. It is well-known from number theory that the $i$-th prime requires $O(\log(i))$ bits in its binary representation. For a number $0 \leq M < \prod_{i=1}^{m} p_i$ we define the Chinese remainder representation $\mathrm{CRR}_m(M)$ as the Boolean tuple

$$\mathrm{CRR}_m(M) = (x_{i,r})_{i \in [m],\, 0 \leq r < p_i} \quad \text{with} \quad x_{i,r} = \begin{cases} 1 & \text{if } M \bmod p_i = r \\ 0 & \text{else.} \end{cases}$$

By the following theorem, we can transform a CRR-representation very efficiently into binary representation.

Theorem 12 ([8, Thm. 3.3]). There is a logspace-uniform $NC^1$-circuit family $(B_m((x_{i,r})_{i \in [m],\, 0 \leq r < p_i}))_{m \geq 1}$ such that for every $m \geq 1$, $B_m$ has $m$ output gates and

$$\forall\, 0 \leq M < \prod_{i=1}^{m} p_i : \quad B_m(\mathrm{CRR}_m(M)) = \mathrm{BIN}_m(M \bmod 2^m).$$

By [15], we could replace logspace-uniform $NC^1$-circuits in Theorem 12 even by DLOGTIME-uniform $TC^0$-circuits. The existence of a P-uniform $NC^1$-circuit family for converting from CRR-representation to binary representation was already shown in [3].

Usually the Chinese remainder representation of $M$ is the tuple $(r_i)_{i \in [m]}$, where $r_i = M \bmod p_i$. Since the primes $p_i$ will be always given in unary notation, there is no essential difference between this representation and our Chinese remainder representation. The latter is more suitable for our purpose.

6.2 Serializability 

Intuitively, a complexity class $\mathcal{C}_1$ is called $\mathcal{C}_2$-serializable (where $\mathcal{C}_2$ is another complexity class) if every language $L \in \mathcal{C}_1$ can be accepted in the following way: There exists a polynomial $p(n)$ and a $\mathcal{C}_2$-machine (or $\mathcal{C}_2$-circuit family) $A$ such that $x \in L$ is checked in $2^{p(|x|)}$ many stages, which are indexed by the strings from $\{0, 1\}^{p(|x|)}$. In stage $y \in \{0, 1\}^{p(|x|)}$, $A$ gets from the stage indexed by the lexicographic predecessor of $y$ a constant number of bits $b_1, \ldots, b_c$ and computes from these bits, the index $y$ and the original input $x$ new bits $b'_1, \ldots, b'_c$ which are delivered to the lexicographic next stage. In [7] it was shown that PSPACE is P-serializable; in [14] this result was sharpened to $AC^0$-serializability, see also [23]. It is not stated in [14, 23] but easy to see from the proofs that logspace-uniform $AC^0$ suffices for serializing PSPACE, see the appendix for more details.

For our purpose, a slightly different definition of $AC^0$-serializability is useful: A language $L$ is $AC^0$-serializable if there exists an NFA $A$ over the alphabet $\{0, 1\}$, a polynomial $p(n)$, and a logspace-uniform $AC^0$-circuit family $(C_n)_{n \geq 0}$, where $C_n$ has exactly $n + p(n)$ many inputs and one output, such that for every $x \in \{0, 1\}^n$ we have:

$$x \in L \iff C_n(x, 0^{p(n)}) \cdots C_n(x, 1^{p(n)}) \in L(A),$$

where "$\cdots$" refers to the lexicographic order on $\{0, 1\}^{p(n)}$. A proof that every language in PSPACE is $AC^0$-serializable in this sense can be found in the appendix.

7 Data complexity for CTL is hard for PSPACE 

In this section, we prove that also the data complexity of CTL over one-counter nets is hard for PSPACE and therefore PSPACE-complete by the known upper bounds for the modal $\mu$-calculus [20]. Let us fix the set of propositions $\mathcal{P} = \{\alpha, \beta, \gamma\}$ for this section. In the following, w.l.o.g. we allow in $\delta_0$ (resp. in $\delta_{>0}$) transitions of the kind $(q, k, q')$, where $k \in \mathbb{N}$ (resp. $k \in \mathbb{Z}$) is given in unary representation with the expected intuitive meaning.



Proposition 13. For the fixed EF formula $\varphi = (\alpha \rightarrow \exists X(\beta \wedge EF(\neg\exists X \gamma)))$ the following problem can be solved with a logspace transducer:

INPUT: A list of the first $m$ consecutive (unary encoded) prime numbers and a Boolean formula $F = F((x_{i,r})_{i \in [m],\, 0 \leq r < p_i})$.

OUTPUT: An OCN $O(F)$ with distinguished control locations in and out, such that for every number $0 \leq M < \prod_{i=1}^{m} p_i$ the following are equivalent:

- $F(\mathrm{CRR}_m(M)) = 1$

- There exists a $[\![\varphi]\!]_{T(O(F))}$-path from $(\mathrm{in}, M)$ to $(\mathrm{out}, M)$ in $T(O(F))$.

Proof. W.l.o.g. we may assume that negations occur in $F$ only in front of variables. Then, a negated formula $\neg x_{i,r}$ can be replaced by the disjunction $\bigvee \{x_{i,k} \mid 0 \leq k < p_i,\ r \neq k\}$. Note that this can be done in logspace, since the primes $p_i$ are given in unary. Hence, we can assume that $F$ does not contain negations.

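The idea is to traverse the Boolean formula $F$ with the OCN $O(F)$ in a depth first manner. Each time a variable $x_{i,r}$ is seen, the OCN may also enter another branch, where it is checked whether the current counter value is congruent $r$ modulo $p_i$. Let

$$\begin{aligned}
O(F) &= (Q, \{Q_\alpha, Q_\beta, Q_\gamma\}, \delta_0, \delta_{>0}), \quad \text{where} \\
Q &= \{\mathrm{in}(G), \mathrm{out}(G) \mid G \text{ is a subformula of } F\} \cup \{\mathrm{div}(p_1), \ldots, \mathrm{div}(p_m), \bot\} \\
Q_\alpha &= \{\mathrm{in}(x_{i,r}) \mid i \in [m],\ 0 \leq r < p_i\} \\
Q_\beta &= \{\mathrm{div}(p_1), \ldots, \mathrm{div}(p_m)\} \\
Q_\gamma &= \{\bot\}.
\end{aligned}$$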

We set $\mathrm{in} = \mathrm{in}(F)$ and $\mathrm{out} = \mathrm{out}(F)$. Let us now define the transition sets $\delta_0$ and $\delta_{>0}$. In case $G = G_1 \vee G_2$ is a subformula of $F$, we add the following transitions to $\delta_0$ and $\delta_{>0}$:

$$(\mathrm{in}(G), 0, \mathrm{in}(G_i)), \quad (\mathrm{out}(G_i), 0, \mathrm{out}(G)) \quad \text{for } i \in \{1, 2\}.$$

In case $G = G_1 \wedge G_2$ is a subformula of $F$, we add the following transitions to $\delta_0$ and $\delta_{>0}$:

$$(\mathrm{in}(G), 0, \mathrm{in}(G_1)), \quad (\mathrm{out}(G_1), 0, \mathrm{in}(G_2)), \quad (\mathrm{out}(G_2), 0, \mathrm{out}(G)).$$

For every variable $x_{i,r}$ we add to $\delta_0$ and $\delta_{>0}$ the transition

$$(\mathrm{in}(x_{i,r}), 0, \mathrm{out}(x_{i,r})).$$

Moreover, we add to $\delta_{>0}$ the transitions

$$(\mathrm{in}(x_{i,r}), -r, \mathrm{div}(p_i)).$$

The transition $(\mathrm{in}(x_{i,0}), 0, \mathrm{div}(p_i))$ is also added to $\delta_0$. For the control locations $\mathrm{div}(p_i)$ we add to $\delta_{>0}$ the transitions $(\mathrm{div}(p_i), -p_i, \mathrm{div}(p_i))$ and $(\mathrm{div}(p_i), -1, \bot)$. This concludes the description of the OCN $O(F)$. Correctness of the construction can be easily checked by induction on the structure of the formula $F$. □
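The construction of Proposition 13 can be exercised on small inputs. The following is an added example, not code from the paper: it eliminates negations, builds the transition sets of $O(F)$ as listed above, and searches for a path from (in, M) to (out, M). The formula encoding as nested tuples and all function names are hypothetical, and the side condition imposed by $\varphi$ is modelled the way the proof describes it: a configuration in $Q_\alpha$ may lie on the path only if one of its div($p_i$) successors can drain the counter to exactly zero.

```python
from collections import deque

# Formulas: ("var", i, r) | ("not", ("var", i, r)) | ("and", A, B) | ("or", A, B)


def crr(M, primes):
    """CRR_m(M): x_{i,r} = 1 iff M mod p_i = r (i is 1-based)."""
    return {(i, r): int(M % p == r)
            for i, p in enumerate(primes, 1) for r in range(p)}


def evaluate(F, val):
    if F[0] == "var":
        return val[(F[1], F[2])]
    if F[0] == "not":
        return 1 - evaluate(F[1], val)
    a, b = evaluate(F[1], val), evaluate(F[2], val)
    return a & b if F[0] == "and" else a | b


def eliminate_negation(F, primes):
    """Replace each negated variable by the disjunction over the other residues."""
    if F[0] == "var":
        return F
    if F[0] == "not":
        _, i, r = F[1]
        others = [("var", i, k) for k in range(primes[i - 1]) if k != r]
        G = others[0]
        for x in others[1:]:
            G = ("or", G, x)
        return G
    return (F[0], eliminate_negation(F[1], primes), eliminate_negation(F[2], primes))


def build_ocn(F, primes):
    """Transition sets of O(F); subformula occurrences are named by tree position."""
    d0, dpos, alpha = set(), set(), set()

    def both(t):
        d0.add(t)
        dpos.add(t)

    def walk(G, pos):
        i_, o_ = ("in", pos), ("out", pos)
        if G[0] == "var":
            _, i, r = G
            alpha.add(i_)
            both((i_, 0, o_))
            dpos.add((i_, -r, ("div", i)))
            if r == 0:
                d0.add((i_, 0, ("div", i)))
            return
        l, r_ = pos + (1,), pos + (2,)
        walk(G[1], l)
        walk(G[2], r_)
        if G[0] == "or":
            for c in (l, r_):
                both((i_, 0, ("in", c)))
                both((("out", c), 0, o_))
        else:
            both((i_, 0, ("in", l)))
            both((("out", l), 0, ("in", r_)))
            both((("out", r_), 0, o_))

    walk(F, ())
    for i, p in enumerate(primes, 1):
        dpos.add((("div", i), -p, ("div", i)))
        dpos.add((("div", i), -1, "bot"))
    beta = {("div", i) for i in range(1, len(primes) + 1)}
    return {"d0": d0, "dpos": dpos, "alpha": alpha, "beta": beta,
            "in": ("in", ()), "out": ("out", ())}


def successors(ocn, conf):
    q, c = conf
    delta = ocn["d0"] if c == 0 else ocn["dpos"]
    return [(q2, c + k) for (q1, k, q2) in delta if q1 == q and c + k >= 0]


def reachable(ocn, src, accept, allowed=lambda conf: True):
    """Breadth-first search; counters never grow here, so the search is finite."""
    if not allowed(src):
        return False
    seen, todo = {src}, deque([src])
    while todo:
        conf = todo.popleft()
        if accept(conf):
            return True
        for s in successors(ocn, conf):
            if s not in seen and allowed(s):
                seen.add(s)
                todo.append(s)
    return False


def phi_holds(ocn, conf):
    """Assumed reading of phi: an alpha-configuration needs a draining div branch."""
    if conf[0] not in ocn["alpha"]:
        return True
    drained = lambda c: c[0] in ocn["beta"] and c[1] == 0
    return any(s[0] in ocn["beta"] and reachable(ocn, s, drained)
               for s in successors(ocn, conf))


def check(F, primes, M):
    """Is there a path from (in, M) to (out, M) through phi-configurations only?"""
    ocn = build_ocn(eliminate_negation(F, primes), primes)
    dst = (ocn["out"], M)
    return reachable(ocn, (ocn["in"], M), lambda c: c == dst,
                     allowed=lambda c: phi_holds(ocn, c))
```

With the constructed input `primes = [2, 3, 5]`, `check(F, primes, M)` agrees with `evaluate(F, crr(M, primes))` for every M below 30.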

We are now ready to prove PSPACE-hardness of the data complexity. 

Theorem 14. There exists a fixed CTL formula of the form $\exists \varphi_1 U \varphi_2$, where $\varphi_1$ and $\varphi_2$ are EF formulas, such that the following problem is PSPACE-complete:
INPUT: An OCN $O$ and a control location $q$ of $O$.
QUESTION: $(T(O), (q, 0)) \models \exists \varphi_1 U \varphi_2$?

Proof. Let us take an arbitrary PSPACE-complete language $L$. Recall from Section 6.2 that PSPACE is $AC^0$-serializable [14] and hence $NC^1$-serializable. Thus, there exists an NFA $A = (S, \{0, 1\}, \delta, s_0, S_f)$ over the alphabet $\{0, 1\}$, a polynomial $p(n)$, and a logspace-uniform $NC^1$-circuit family $(C_n)_{n \geq 0}$, where $C_n$ has $n + p(n)$ many inputs, such that for every $x \in \{0, 1\}^n$ we have:

$$x \in L \iff C_n(x, 0^{p(n)}) \cdots C_n(x, 1^{p(n)}) \in L(A), \qquad (2)$$



where "$\cdots$" refers to the lexicographic order on $\{0, 1\}^{p(n)}$. Fix an input $x \in \{0, 1\}^n$. Our reduction can be split into the following five steps:

Step 1. Construct in logarithmic space the circuit $C_n$. Fix the first $n$ inputs of $C_n$ to the bits in $x$, and denote the resulting circuit by $C$; it has only $m = p(n)$ many inputs. Equivalence (2) can be written as

$$x \in L \iff \prod_{M=0}^{2^m - 1} C(\mathrm{BIN}_m(M)) \in L(A). \qquad (3)$$

Step 2. Compute the first $m$ consecutive primes $p_1, \ldots, p_m$. This is possible in logarithmic space, see e.g. [8]. Note that every $p_i$ is bounded polynomially in $n$. Hence, every $p_i$ can be written down in unary notation. Note that $\prod_{i=1}^{m} p_i > 2^m$ (if $m > 1$).

Step 3. Compute in logarithmic space the circuit $B = B_m((x_{i,r})_{i \in [m],\, 0 \leq r < p_i})$ from Theorem 12. Thus, $B$ is a Boolean circuit of fan-in 2 and depth $O(\log(m)) = O(\log(n))$ with

$$B(\mathrm{CRR}_m(M)) = \mathrm{BIN}_m(M \bmod 2^m)$$

for every $0 \leq M < \prod_{i=1}^{m} p_i$.

Step 4. Now we compose the circuits $B$ and $C$: For every $i \in [m]$, connect the $i$-th input of the circuit $C(x_1, \ldots, x_m)$ with the $i$-th output of the circuit $B$. The result is a circuit with fan-in 2 and depth $O(\log(n))$. We can unfold this circuit into a Boolean formula $F = F((x_{i,r})_{i \in [m],\, 0 \leq r < p_i})$. The resulting formula (or tree) has the same depth as the circuit, i.e., depth $O(\log(n))$, and every tree node has at most 2 children. Hence, $F$ has polynomial size. Thus, for every $0 \leq M < 2^m$ we have $F(\mathrm{CRR}_m(M)) = C(\mathrm{BIN}_m(M))$ and equivalence (3) can be written as

$$x \in L \iff \prod_{M=0}^{2^m - 1} F(\mathrm{CRR}_m(M)) \in L(A). \qquad (4)$$

Step 5. We now apply our construction from Proposition 13 to the formula $F$. More precisely, let $G$ be the Boolean formula $\bigwedge_{i \in [m]} x_{i,r_i}$ where $r_i = 2^m \bmod p_i$ for $i \in [m]$ (these remainders can be computed in logarithmic space). For every 1-labeled transition $\tau \in \delta$ of the NFA $A$ let $O(\tau)$ be a copy of the OCN $O(F \wedge \neg G)$. For every 0-labeled transition $\tau \in \delta$ let $O(\tau)$ be a copy of the OCN $O(\neg F \wedge \neg G)$. In both cases we write $O(\tau)$ as $(Q(\tau), \{Q_\alpha(\tau), Q_\beta(\tau), Q_\gamma(\tau)\}, \delta_0(\tau), \delta_{>0}(\tau))$. Denote with $\mathrm{in}(\tau)$ (resp. $\mathrm{out}(\tau)$) the control location of this copy that corresponds to in (resp. out) in $O(F)$. Hence, for every $b$-labeled transition $\tau \in \delta$ ($b \in \{0, 1\}$) and every $0 \leq M < \prod_{i=1}^{m} p_i$ there exists a $[\![\varphi]\!]_{T(O(\tau))}$-path ($\varphi$ is from Proposition 13) from $(\mathrm{in}(\tau), M)$ to $(\mathrm{out}(\tau), M)$ if and only if $F(\mathrm{CRR}_m(M)) = b$ and $M \neq 2^m$.

We now define an OCN $O = (Q, \{Q_\alpha, Q_\beta, Q_\gamma\}, \delta_0, \delta_{>0})$ as follows: We take the disjoint union of all the OCNs $O(\tau)$ for $\tau \in \delta$. Moreover, every state $s \in S$ of the automaton $A$ becomes a control location of $O$:

$$Q = S \cup \bigcup_{\tau \in \delta} Q(\tau)$$

$$Q_p = \bigcup_{\tau \in \delta} Q_p(\tau) \quad \text{for } p \in \{\alpha, \beta, \gamma\}$$

We add to $\delta_0$ and $\delta_{>0}$ for every $\tau = (s, b, t) \in \delta$ the following transitions:

$$(s, 0, \mathrm{in}(\tau)), \quad (\mathrm{out}(\tau), +1, t).$$

Then, by Proposition 13 and (4) we have $x \in L$ if and only if there exists a $[\![\varphi]\!]_{T(O)}$-path in $T(O)$ from $(s_0, 0)$ to $(s, 2^m)$ for some $s \in S_f$. Also note that there is no $[\![\varphi]\!]_{T(O)}$-path in $T(O)$ from $(s_0, 0)$ to some configuration $(s, M)$ with $s \in S$ and $M > 2^m$. It remains to add to $O$ some structure that enables $O$ to check that the counter has reached the value $2^m$.
For this, use Proposition 13 to construct the OCN $O(G)$ (where $G$ is from above) and add it disjointly to $O$. Moreover, add to $\delta_{>0}$ and $\delta_0$ the transitions $(s, 0, \mathrm{in})$ for all $s \in S_f$, where in is the in control location of $O(G)$. Finally, introduce a new proposition $p$ and set $Q_p = \{\mathrm{out}\}$, where out is the out control location of $O(G)$. By putting $q = s_0$ we obtain:

$$x \in L \iff (T(O), (q, 0)) \models \exists\, \underbrace{(\alpha \rightarrow \exists X(\beta \wedge EF(\neg\exists X \gamma)))}_{\varphi \text{ from Proposition 13}} \; U \; p.$$

This concludes the proof of the theorem. □

By slightly modifying the proof of Theorem 14, the following corollary can be shown. 

Corollary 15. There exists a fixed CTL formula of the kind $\exists G \psi$, where $\psi$ is an EF formula, such that the following problem is PSPACE-complete:
INPUT: An OCN $O$ and a control location $q$ of $O$.
QUESTION: $(T(O), (q, 0)) \models \exists G \psi$?

Proof. The proof is almost identical to the proof of Theorem 14, except that we do not introduce the atomic proposition $p$. We rather add both to $\delta_0$ and $\delta_{>0}$ the transition $(\mathrm{out}, 0, \mathrm{in})$, where out is the out control location of $O(G)$ and in is the in control location of $O(G)$. We define $\psi = \exists G \varphi$, where again $\varphi$ is the formula from Proposition 13. □



8 Combined complexity of EF is hard for $P^{NP}$

In this section, we will apply the efficient transformation from Chinese remainder representation to binary representation (Theorem 12) in order to prove that the combined complexity for EF over one-counter nets is hard for $P^{NP}$. For formulas represented succinctly by dags (directed acyclic graphs) this was already shown in [12]. The point here is that we use the standard tree representation for formulas.

Proposition 16. The following problem can be solved by a logspace transducer:

INPUT: A list of the first $m$ consecutive (unary encoded) prime numbers and a Boolean circuit $C = C((x_{i,r})_{i \in [m],\, 0 \leq r < p_i})$ (with a single output gate)

OUTPUT: An OCN $O(C)$ with a distinguished state in and an EF formula $\varphi(C)$ such that for every number $0 \leq M < \prod_{i=1}^{m} p_i$ we have:

$$C(\mathrm{CRR}_m(M)) = 1 \iff (T(O(C)), (\mathrm{in}, M)) \models \varphi(C).$$

Proof. As in the proof of Proposition 13 we can eliminate in $C$ all input gates labeled with a negated variable. Moreover, we can w.l.o.g. assume that the circuit $C$ is organized in $k + 1$ layers, where each layer either contains only AND- or OR-gates. All children of a node in layer $i$ belong to layer $i + 1$. Layer 1 contains only the unique output gate of the circuit, whereas layer $k + 1$ contains the input gates. For $i \in [k]$, let $\ell_i = \mathrm{AND}$ (resp. $\ell_i = \mathrm{OR}$) if layer $i$ consists of AND-gates (resp. OR-gates).

The state set of the OCN $O(C)$ contains all gates of the circuit $C$; the unique output gate becomes the distinguished state in. We add the transition $(g_1, 0, g_2)$ to $\delta_0$ and $\delta_{>0}$ if gate $g_2$ is a child of gate $g_1$. If gate $g$ is an input gate labeled with $x_{i,r}$ then we add the transition $(g, -r, \mathrm{div}(p_i))$ to $\delta_{>0}$. If $r = 0$, then the transition $(g, 0, \mathrm{div}(p_i))$ is also added to $\delta_0$. Finally, for the states $\mathrm{div}(p_i)$ we have the same transitions as in the proof of Proposition 13. This concludes the description of the OCN $O(C)$.

In order to describe the EF formula $\varphi(C)$ let $M_i = \exists X$ (resp. $M_i = \forall X$) if $\ell_i = \mathrm{OR}$ (resp. $\ell_i = \mathrm{AND}$) for $i \in [k]$. Then let

$$\varphi(C) = M_1 M_2 \cdots M_k \, \exists X \, EF(\neg\exists X \gamma), \qquad (5)$$

where the proposition $\gamma$ is used in the same way as in the proof of Proposition 13 to allow to test if the counter value is zero. It is clear that this formula fulfills the requirements of the theorem. □

Theorem 17. The following problem is $P^{NP}$-hard:

INPUT: An OCN $O$, a state $q_0$ of $O$, and an EF formula $\varphi$.
QUESTION: $(T(O), (q_0, 0)) \models \varphi$?

Proof. Let us take a Boolean formula $\psi(x_1, \ldots, x_m)$. We construct an OCN $O_\psi$ with a distinguished state $q_0$ and an EF formula $\varphi_\psi$ such that $(T(O_\psi), (q_0, 0)) \models \varphi_\psi$ if and only if $\psi$ is satisfiable and the maximal number $M \in [0, 2^m - 1]$ with $\psi(\mathrm{BIN}_m(M)) = 1$ is even.

As in the proof of Theorem 14 (Steps 2 and 3), we compute in logarithmic space the list $p_1, \ldots, p_m$ of the first $m$ consecutive primes and the circuit $B = B_m((x_{i,r})_{i \in [m],\, 0 \leq r < p_i})$ of logarithmic depth and fan-in at most two from Theorem 12. We combine $B$ with the Boolean formula $\psi(x_1, \ldots, x_m)$ and obtain a Boolean circuit $C = C((x_{i,r})_{i \in [m],\, 0 \leq r < p_i})$ such that for every number $0 \leq M \leq 2^m - 1$:

$$\psi(\mathrm{BIN}_m(M)) = 1 \iff C(\mathrm{CRR}_m(M)) = 1. \qquad (6)$$

As in the proof of Theorem 14 let $G$ be the Boolean formula $\bigwedge_{i \in [m]} x_{i,r_i}$ where $r_i = 2^m \bmod p_i$ for $i \in [m]$. The main structure of the OCN $O_\psi$ is described by the following diagram:

[Diagram not reproduced; only the edge labels +1 and -1 survive.]
From the states $q_0$, $p$, $r$, and $s$ some further 0-labeled transitions emanate to OCNs of the form constructed in Proposition 16:

- From $q_0$ a transition into the initial state in of a copy of $O(C)$.

- From $p$ and $s$ a transition into the initial state in of a copy of $O(G)$.

- From $r$ a transition into the initial state in of a copy of $O(\neg C)$.

Now our EF formula $\varphi_\psi$ expresses the following: We can reach a configuration $(q_0, M_1)$ from $(q_0, 0)$ in the OCN $O_\psi$ such that the following holds:

- $C(\mathrm{CRR}_m(M_1)) = 1$,

- from $(q_0, M_1)$ we cannot reach a configuration $(p, M_0)$ with $0 \leq M_0 < M_1$ and $G(\mathrm{CRR}_m(M_0)) = 1$ (i.e., $M_0 = 2^m \bmod \prod_{i=1}^{m} p_i$), and

- for all configurations $(r, M_2)$ that are reachable from $(q_0, M_1)$ (hence $M_2 > M_1$) the following holds: If we cannot reach a configuration $(s, M_3)$ from $(r, M_2)$ with $G(\mathrm{CRR}_m(M_3)) = 1$ then $C(\mathrm{CRR}_m(M_2)) = 0$.

Using the formulas constructed in Proposition 16, it is straightforward to transform this description into a real EF formula. This concludes the proof. □

At the moment we cannot prove $P^{NP}$-hardness for the data complexity of EF over OCPs. For this, it would be sufficient to have a fixed EF formula $\varphi(C)$ in (5). Note that this formula only depends on the number of layers $k$ of the circuit $C$. Hence, if $C$ is from an $AC^0$-circuit family, then $\varphi(C)$ is in fact a fixed formula. In our case, the circuit is the composition of two circuits, one from an $NC^1$-circuit family (coming from Theorem 12, where we could even assume a $TC^0$-circuit family) and a Boolean formula, which can be assumed to be in conjunctive normal form. Hence, the main obstacle for getting a fixed formula is the fact that converting from Chinese remainder representation to binary representation is not possible in $AC^0$ (this is provably the case).

9 Reachability objectives on one-counter Markov decision processes 

In this section we show that the techniques developed in the previous sections can be used to improve a 
lower bound on verifying reachability objectives on one-counter Markov decision processes from [5]. 
A probability distribution on a non-empty finite set $S$ is a function $f : S \rightarrow \{x \in \mathbb{Q} \mid 0 < x \leq 1\}$ such that $\sum_{s \in S} f(s) = 1$. We restrict here to rational probabilities, in order to get finite representations for probability distributions. A (image-finite) Markov chain is a triple $\mathcal{C} = (S, \rightarrow, f)$, where $(S, \rightarrow)$ is an image-finite and deadlock-free directed graph ($S$ is also called the set of states of $\mathcal{C}$) and $f$ assigns to each $s \in S$ a probability distribution $f(s)$ over all (the finitely many) successors of $s$ w.r.t. $\rightarrow$. If $s \rightarrow t$, then we also use the notations $f(s, t) = x$ or $s \xrightarrow{x} t$ for $(f(s))(t) = x \in \mathbb{Q}$.

A (image-finite) Markov decision process (MDP) is a triple $\mathcal{D} = (V, \rightarrow, f)$, where $(V, \rightarrow)$ is again an image-finite and deadlock-free directed graph, the set $V$ of vertices is partitioned as $V = V_N \uplus V_P$ ($V_N$ is the set of nondeterministic vertices, $V_P$ is the set of probabilistic vertices), and $f$ assigns to each probabilistic vertex $v \in V_P$ a probability distribution on $v$'s successors. A strategy $\sigma$ is a function that assigns to each $wv$ with $w \in V^*$ and $v \in V_N$ a probability distribution on $v$'s successors. If $\sigma$ assigns to $wv$ and $v'$ (where $v \rightarrow v'$) the probability $x$, then we write $\sigma(wv, v') = x$. Every strategy $\sigma$ determines a Markov chain $\mathcal{D}(\sigma) = (V^+, \rightarrow, f)$, where $wv \xrightarrow{x} wvv'$ if and only if $v \rightarrow v'$ and moreover either $v \in V_P$ and $f(v, v') = x$, or $v \in V_N$ and $\sigma(wv, v') = x$. Let $\mathrm{path}_\omega(\mathcal{D}) = \mathrm{path}_\omega(V, \rightarrow)$ and $\mathrm{path}_\omega(\mathcal{D}(\sigma)) = \mathrm{path}_\omega(V^+, \rightarrow)$; paths in these sets will be called runs in $\mathcal{D}$ or $\mathcal{D}(\sigma)$, respectively. Note that every run in $\mathcal{D}$ corresponds to a unique run in $\mathcal{D}(\sigma)$ and vice versa in a natural way. In order to simplify notation, we will quite often identify these corresponding runs. Let us fix a set of target vertices (also called a reachability objective) $T \subseteq V$ of the MDP $\mathcal{D}$. For each strategy $\sigma$ and each vertex $v \in V$ of $\mathcal{D}$, let

$$\mathrm{Reach}^\sigma_T(v) = \{w \in \mathrm{path}_\omega(\mathcal{D}(\sigma)) \mid w_1 = v \text{ and } \exists i \geq 1 : w_i \in V^* T\}$$

denote all runs in $\mathcal{D}(\sigma)$ that start in $v$ and that satisfy the reachability objective $T$ in $\mathcal{D}$. For each $T$ and each $v$, the set $\mathrm{Reach}^\sigma_T(v)$ is measurable. The probability $\mathcal{P}(\mathrm{Reach}^\sigma_T(v))$ for the set $\mathrm{Reach}^\sigma_T(v)$ can be obtained as follows: Take all finite paths $w \in \mathrm{path}_+(\mathcal{D}(\sigma))$ that start in $v$ and such that the last state of $w$ is from $V^* T$ but no previous state in $w$ is from $V^* T$ (this set is prefix free). For each such finite path $w = w_1 \cdots w_n$ such that $w_i \xrightarrow{x_i} w_{i+1}$ in $\mathcal{D}(\sigma)$ the probability is $x_1 \cdot x_2 \cdots x_{n-1}$. Finally, the probability for $\mathrm{Reach}^\sigma_T(v)$ is the (possibly infinite) sum of all these probabilities. Now, let us define the $T$-reachability value in $v$ by

$$\mathrm{Reach}_T(v) = \sup\{\mathcal{P}(\mathrm{Reach}^\sigma_T(v)) \mid \sigma \text{ is a strategy in } \mathcal{D}\}.$$

Observe that it is not required that this supremum is actually reached by a certain strategy $\sigma$. If however a strategy $\sigma$ does reach the $T$-reachability value, i.e., $\mathcal{P}(\mathrm{Reach}^\sigma_T(v)) = \mathrm{Reach}_T(v)$, then $\sigma$ is called optimal.

A one-counter Markov decision process (OC-MDP) is a tuple $\mathcal{A} = (Q, \delta_0, \delta_{>0}, f_0, f_{>0})$, where $Q = Q_N \uplus Q_P$ is a finite set of control locations which is partitioned into nondeterministic control locations $Q_N$ and probabilistic control locations $Q_P$, $\delta_0 \subseteq Q \times \{0, 1\} \times Q$ is a set of zero transitions and $\delta_{>0} \subseteq Q \times \{-1, 0, 1\} \times Q$ is a set of positive transitions such that each $q \in Q$ has at least one outgoing zero transition and at least one outgoing positive transition, and finally $f_0$ (resp. $f_{>0}$) assigns to each $q \in Q_P$ a probability distribution over all outgoing zero (resp. positive) transitions of $q$. The MDP that $\mathcal{A}$ describes is $\mathcal{D}(\mathcal{A}) = (V, \rightarrow, f)$, where

- $V_N = Q_N \times \mathbb{N}$ and $V_P = Q_P \times \mathbb{N}$, and

- $(q, n) \rightarrow (q', n + i)$ if and only if one of the following two holds:

  • $n = 0$ and $(q, i, q') \in \delta_0$. In this case $f$ assigns to $(q, n) \rightarrow (q', n + i)$ the probability $f_0(q, i, q')$.

  • $n > 0$ and $(q, i, q') \in \delta_{>0}$. In this case $f$ assigns to $(q, n) \rightarrow (q', n + i)$ the probability $f_{>0}(q, i, q')$.

Given an OC-MDP $\mathcal{A} = (Q, \delta_0, \delta_{>0}, f_0, f_{>0})$ and a set of control locations $R \subseteq Q$, define

$$\mathrm{ValOne}(R) = \{(q, n) \in Q \times \mathbb{N} \mid \mathrm{Reach}_{R \times \{0\}}(q, n) = 1\}$$

and

$$\mathrm{OptValOne}(R) = \{(q, n) \in Q \times \mathbb{N} \mid \exists \text{ strategy } \sigma : \mathcal{P}(\mathrm{Reach}^\sigma_{R \times \{0\}}(q, n)) = 1\}$$

(both sets are defined w.r.t. $\mathcal{D}(\mathcal{A})$). In other words: $\mathrm{ValOne}(R)$ is the set of all states $(q, n)$ of the MDP $\mathcal{D}(\mathcal{A})$ such that for every $\varepsilon > 0$ there exists a strategy under which the probability of reaching from $(q, n)$ a control location in $R$ and at the same time having counter value 0 is at least $1 - \varepsilon$. $\mathrm{OptValOne}(R)$ is the set of all states $(q, n)$ of the MDP $\mathcal{D}(\mathcal{A})$ for which there exists a specific strategy under which this probability becomes 1.
Theorem 18 ([5]). The following problem is PSPACE-hard and in EXPTIME:
INPUT: An OC-MDP $\mathcal{A} = (Q, \delta_0, \delta_{>0}, f_0, f_{>0})$, $R \subseteq Q$, and $q \in Q$.
QUESTION: $(q, 0) \in \mathrm{OptValOne}(R)$?

Theorem 18 was proven by a reduction from the PSPACE-complete emptiness problem for alternating 
finite word automata over a singleton alphabet ([16], see also [17] for a simplified presentation). 

Theorem 19 ([5]). The following problem is hard for every level of BH:
INPUT: An OC-MDP $\mathcal{A} = (Q, \delta_0, \delta_{>0}, f_0, f_{>0})$, $R \subseteq Q$, and $q \in Q$.
QUESTION: $(q, 0) \in \mathrm{ValOne}(R)$?

Currently, it is open whether the problem stated in Theorem 19 is decidable; the corresponding problem 
for MDPs defined by pushdown processes is undecidable [10]. 

From the proof of Theorem 19 it can be seen that the authors prove actually hardness for $\mathsf{P}^{\mathsf{NP}[\log]}$.
Moreover, it is pointed out in [5] that various difficulties arise when trying to improve the latter lower
bound. In this section, we will improve the lower bound for membership in $\mathrm{ValOne}(R)$ to PSPACE. From
our proof one can easily see that we reprove PSPACE-hardness of OptValOne as a byproduct. But first, we
need the following lemma.

Lemma 20. The following problem can be solved by a logspace transducer:

INPUT: A list of the first $m$ consecutive (encoded in unary) prime numbers and a Boolean formula
$F = F((x_{i,r})_{i \in [m],\, 0 \le r < p_i})$.

OUTPUT: An OC-MDP $\mathcal{A} = \mathcal{A}(F)$ with control locations $Q$, a set $R = R(F) \subseteq Q$, and some control
location $q_F \in Q$ such that for every number $0 \le M < \prod_{i=1}^{m} p_i$ the following holds:

- If $F(\mathrm{CRR}_m(M)) = 1$, then there exists a strategy $\sigma$ such that $\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_F, M)) = 1$.

- If $F(\mathrm{CRR}_m(M)) = 0$, then for every strategy $\sigma$ we have $\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_F, M)) \le 1 - 2^{-|F|}$.

Proof. As in the proof of Proposition 13 we can eliminate all input gates labeled with a negated variable
$\neg x_{i,r}$. The OC-MDP $\mathcal{A} = \mathcal{A}(F) = (Q, \delta_0, \delta_{>0}, f_0, f_{>0})$ will have for each subformula $G$ of $F$ a control
location $q_G$. If $G$ is of the form $G = G_1 \vee G_2$, then $q_G$ will be nondeterministic and both in $\delta_0$ and in $\delta_{>0}$
there is a transition from $q_G$ to both $q_{G_1}$ and $q_{G_2}$ that does not change the counter value. If $G$ is of the form
$G = G_1 \wedge G_2$, then $q_G$ will be probabilistic and both in $\delta_0$ and in $\delta_{>0}$ there will be a transition to both $q_{G_1}$
and $q_{G_2}$ that does not change the counter value and which will be chosen with probability $\frac{1}{2}$ each. Now
assume that $G$ is a variable $x_{i,r}$. Recall that $x_{i,r}$ is set to one if and only if $M \bmod p_i = r$. We introduce
in $\mathcal{A}$ further (deterministically behaving) control locations $q(j, p_i)$ for $0 \le j < p_i$ that allow to test if $M$ is
congruent $r$ modulo $p_i$ by allowing the following transitions in $\delta_{>0}$ for each $0 \le j < p_i$:

$$(q(j, p_i), -1, q(j - 1 \bmod p_i, p_i))$$

Since each $q(j, p_i)$ has to have an outgoing transition both in $\delta_0$ and $\delta_{>0}$, we add the transition

to $\delta_0$ for each $0 \le j < p_i$. We put $q_{x_{i,r}}$ to be nondeterministic with a transition both in $\delta_0$ and in $\delta_{>0}$ from
$q_{x_{i,r}}$ to $q(r, p_i)$ that does not change the counter value. Finally we put $R = \{q(0, p_i) \mid i \in [m]\}$.
Assume first that $F(\mathrm{CRR}_m(M)) = 1$. We prove that there exists a strategy $\sigma$ such that

$$\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_F, M)) = 1$$

in $\mathcal{D}(\mathcal{A})$. Note that the only nondeterministic states in $\mathcal{D}(\mathcal{A})$ that have more than one successor are states
which correspond to a disjunctive subformula $G = G_1 \vee G_2$ of $F$. If $G(\mathrm{CRR}_m(M)) = 1$, then there exists
some $i \in \{1, 2\}$ such that $G_i(\mathrm{CRR}_m(M)) = 1$. Our strategy $\sigma$ will choose $(q_G, M)$'s successor $(q_{G_i}, M)$
with probability 1. If $G(\mathrm{CRR}_m(M)) = 0$, then the choice of $\sigma$ is irrelevant and we let $\sigma$ choose $(q_G, M)$'s
successor uniformly distributed, say. It is now easy to verify that $\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_F, M)) = 1$.
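On the other hand, assume that $F(\mathrm{CRR}_m(M)) = 0$ and consider an arbitrary strategy $\sigma$. The question
is how close can $\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_F, M))$ reach 1. We prove by induction on the structure of the formula
$F$ that

$$\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_F, M)) \le 1 - 2^{-k} \qquad (7)$$

where $k$ is the number of conjunctions that appear in $F$. If $F$ is a variable $x_{i,r}$, then

$$\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_F, M)) = 0 = 1 - 2^{0}.$$

If $F = F_1 \vee F_2$ then $F_1(\mathrm{CRR}_m(M)) = F_2(\mathrm{CRR}_m(M)) = 0$. Assume that $\sigma$ assigns to the transition
from $(q_F, M)$ to $(q_{F_i}, M)$ the probability $x_i$, where $x_1 + x_2 = 1$. With the induction hypothesis, we get

$$\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_F, M)) = x_1 \cdot \mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_{F_1}, M)) + x_2 \cdot \mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_{F_2}, M))$$

$$\le x_1 (1 - 2^{-k_1}) + x_2 (1 - 2^{-k_2}),$$

where $k_i$ is the number of conjunctions that appear in $F_i$. Since $k_i \le k$, we get (7). Finally, assume that
$F = F_1 \wedge F_2$ and let $k_i$ be the number of conjunctions that appear in $F_i$. Hence, $k_i \le k - 1$. If
$F_1(\mathrm{CRR}_m(M)) = F_2(\mathrm{CRR}_m(M)) = 0$ then we get $\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_F, M)) \le 1 - 2^{-k+1} \le 1 - 2^{-k}$. On the other hand,
if e.g. $F_1(\mathrm{CRR}_m(M)) = 0$ but $F_2(\mathrm{CRR}_m(M)) = 1$ (the other case is symmetric), then we get

$$\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_F, M)) = \frac{1}{2} \cdot \mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_{F_1}, M)) + \frac{1}{2} \cdot \mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_{F_2}, M))$$

This concludes the proof of (7). Since $k \le |F|$ we obtain $\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_F, M)) \le 1 - 2^{-|F|}$. This
concludes the proof of Lemma 20. □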
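The two claims of Lemma 20 can be checked exhaustively on a small instance. The following Python code is an added example, not code from the paper: it builds the control locations and transitions described in the proof and computes the best reachability probability for every counter value $M$. The tuple encoding of formulas, the function names, the sample formula, and the assumption that the zero transitions of $q(j, p_i)$ never lead into $R$ are choices made for this example.

```python
from fractions import Fraction
from math import prod

def build_oc_mdp(F, primes):
    """Formula nodes are ("var", i, r), ("or", G1, G2), ("and", G1, G2); i is 1-based."""
    kind, step = {}, {}   # location -> 'N' or 'P', and its transitions (counter delta, target)
    for p in primes:      # testers q(j, p): single successor, decrement, move j -> j-1 mod p
        for j in range(p):
            kind[("q", j, p)] = "N"
            step[("q", j, p)] = [(-1, ("q", (j - 1) % p, p))]
    def add(G):
        if G[0] == "var":                      # q_x: jump to q(r, p_i), counter unchanged
            kind[G], step[G] = "N", [(0, ("q", G[2], primes[G[1] - 1]))]
        else:                                  # OR: nondeterministic, AND: probability 1/2 each
            kind[G] = "N" if G[0] == "or" else "P"
            step[G] = [(0, G[1]), (0, G[2])]
            add(G[1]); add(G[2])
    add(F)
    return kind, step, {("q", 0, p) for p in primes}   # last item is the target set R

def best_reach(q, n, kind, step, R):
    """Best probability over all strategies of reaching R x {0} from state (q, n)."""
    if n == 0 and q[0] == "q":
        # Assumption: zero transitions of q(j, p) never lead into R (e.g. self-loops).
        return Fraction(int(q in R))
    vals = [best_reach(t, n + d, kind, step, R) for d, t in step[q]]
    return sum(vals) / len(vals) if kind[q] == "P" else max(vals)

def holds(G, M, primes):
    """F(CRR_m(M)): the variable x_{i,r} is true iff M mod p_i == r."""
    if G[0] == "var":
        return M % primes[G[1] - 1] == G[2]
    a, b = holds(G[1], M, primes), holds(G[2], M, primes)
    return (a or b) if G[0] == "or" else (a and b)

def conjunctions(G):
    return 0 if G[0] == "var" else (G[0] == "and") + conjunctions(G[1]) + conjunctions(G[2])

def lemma20_table(F, primes):
    kind, step, R = build_oc_mdp(F, primes)
    return [(M, holds(F, M, primes), best_reach(F, M, kind, step, R))
            for M in range(prod(primes))]

# Constructed sample: primes 2, 3, 5 and F = (x_{1,1} AND x_{2,2}) OR (x_{3,0} AND x_{1,0})
PRIMES = [2, 3, 5]
F = ("or", ("and", ("var", 1, 1), ("var", 2, 2)), ("and", ("var", 3, 0), ("var", 1, 0)))

if __name__ == "__main__":
    bound = 1 - Fraction(1, 2 ** conjunctions(F))    # the bound (7) with k conjunctions
    for M, truth, value in lemma20_table(F, PRIMES):
        assert value == 1 if truth else value <= bound
        print(M, int(truth), value)
```

Because the formula part of the construction is acyclic and the testers are deterministic, taking the maximum at disjunctions and the average at conjunctions gives the exact supremum over strategies.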

Theorem 21. The following problem is PSPACE-hard:

INPUT: An OC-MDP $\mathcal{A} = (Q, \delta_0, \delta_{>0}, f_0, f_{>0})$, $R \subseteq Q$, and $q \in Q$.

QUESTION: $(q, 0) \in \mathrm{ValOne}(R)$?

Proof. Let $L \subseteq \{0, 1\}^*$ be an arbitrary PSPACE-complete language, let $x \in \{0, 1\}^*$ be a word of length $n$.
We repeat steps 1 to 4 of the proof of Theorem 14. This means, we compute in logspace a Boolean formula
$F = F((x_{i,r})_{i \in [m],\, 0 \le r < p_i})$ of polynomial size in $n$ such that for some fixed NFA $A = (S, \{0, 1\}, \delta, s_0, S_f)$
we have

$$x \in L \iff \prod_{M=0}^{2^m - 1} F(\mathrm{CRR}_m(M)) \in L(A).$$

By doubling, if necessary, the set of final states of $A$ we can assume that states from $S_f$ do not have
outgoing transitions but every state from $S \setminus S_f$ has at least one outgoing transition. This assumption will
slightly simplify our construction.

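Let $G = \bigwedge_{i \in [m]} x_{i,r_i}$, where $r_i = 2^m \bmod p_i$ for each $i \in [m]$, be the Boolean formula that tests if $M$
equals $2^m$. We will build an OC-MDP $\mathcal{A} = (Q, \delta_0, \delta_{>0}, f_0, f_{>0})$ with $S \subseteq Q$ and a target set of control
locations $R \subseteq Q$ such that

$$\prod_{M=0}^{2^m - 1} F(\mathrm{CRR}_m(M)) \in L(A) \iff \mathrm{Reach}_{R \times \{0\}}(s_0, 0) = 1.$$

Moreover, our reduction will have the additional property that

$$\mathrm{Reach}_{R \times \{0\}}(s_0, 0) = 1 \iff \exists \sigma : \mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(s_0, 0)) = 1.$$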

Hence, we prove PSPACE-hardness of OptValOne as a byproduct. The control locations in $S \setminus S_f$ are
nondeterministic in $\mathcal{A}$ ($\mathcal{A}$ will hence behave nondeterministically in control locations from $S \setminus S_f$). The
NFA $A$ on input $F(\mathrm{CRR}_m(0)) \cdots F(\mathrm{CRR}_m(2^m - 1))$ will be simulated by $\mathcal{A}$ from state $(s_0, 0)$ by
consecutively incrementing the counter and checking if for the current counter value $M$ and for the current (to
be simulated) $b$-labeled transition of $A$ we have $F(\mathrm{CRR}_m(M)) = b$. This simulation will be done until a
state $(s, 2^m)$ with $s \in S_f$ is reached. Recall that by Lemma 20 we can compute OC-MDPs $\mathcal{A}(F \wedge \neg G)$,
$\mathcal{A}(\neg F \wedge \neg G)$, and $\mathcal{A}(G)$ together with sets of control locations $R(F \wedge \neg G)$, $R(\neg F \wedge \neg G)$, and $R(G)$, and
control locations $q_{F \wedge \neg G}$, $q_{\neg F \wedge \neg G}$, and $q_G$ such that, e.g., $\mathcal{A}(F \wedge \neg G)$ satisfies for each $0 \le M < \prod_{i=1}^{m} p_i$:

$$F(\mathrm{CRR}_m(M)) = 1 \wedge M \ne 2^m \implies \exists \text{ strategy } \sigma : \mathcal{P}(\mathrm{Reach}^{\sigma}_{R(F \wedge \neg G) \times \{0\}}(q_{F \wedge \neg G}, M)) = 1$$

$$F(\mathrm{CRR}_m(M)) = 0 \vee M = 2^m \implies \forall \text{ strategies } \sigma : \mathcal{P}(\mathrm{Reach}^{\sigma}_{R(F \wedge \neg G) \times \{0\}}(q_{F \wedge \neg G}, M)) \le 1 - 2^{-|F \wedge \neg G|}$$

The OC-MDPs $\mathcal{A}(\neg F \wedge \neg G)$ and $\mathcal{A}(G)$ have analogous properties.

In the following diagrams we draw transitions that do not modify the counter value in normal width and
we draw transitions that increase the counter value by one in thicker width. We realize each NFA-transition
$(s, 1, t) \in \delta$ with $s \notin S_f$ both in $\delta_0$ and in $\delta_{>0}$ by

[Diagram: control locations $s$, $(s, 1, t)$ and $t$; edge probabilities $\frac{1}{2}$ and $\frac{1}{2}$]

whereas each transition $(s, 0, t) \in \delta$ with $s \notin S_f$ is realized in $\mathcal{A}$ by

[Diagram: control locations $s$, $(s, 0, t)$, $t$ and $q_{\neg F \wedge \neg G}$; edge probabilities $\frac{1}{2}$ and $\frac{1}{2}$]

i.e. we connect the intermediate control location $(s, b, t) \in \delta$ to $\mathcal{A}(F \wedge \neg G)$ (if $b = 1$) or $\mathcal{A}(\neg F \wedge \neg G)$
(if $b = 0$) for checking if $F(\mathrm{CRR}_m(M)) = b$ and $M < 2^m$ for the current counter value $M$. Moreover,
for all final states $s \in S_f$ we add a transition $s \to q_G$ to both $\delta_0$ and $\delta_{>0}$ that does not change the counter
value. As expected, we put $R = R(F \wedge \neg G) \cup R(\neg F \wedge \neg G) \cup R(G)$. Let $\mathcal{D} = \mathcal{D}(\mathcal{A})$ in the following.
Note that since every non-final state has at least one outgoing transition in $A$, $\mathcal{D}$ is indeed an MDP, i.e., the
underlying graph is deadlock-free.

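Now assume that $x \in L$. We show that there exists a strategy $\sigma$ such that $\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(s_0, 0)) = 1$.

Since $x \in L$, we have $\prod_{M=0}^{2^m - 1} F(\mathrm{CRR}_m(M)) \in L(A)$ along with some accepting run

$$s_0 \xrightarrow{b_0} s_1 \xrightarrow{b_1} \cdots s_{2^m - 1} \xrightarrow{b_{2^m - 1}} s_{2^m} \in S_f,$$

where $s_M \notin S_f$ and $b_M = F(\mathrm{CRR}_m(M))$ for all $M \in [0, 2^m - 1]$. For each $M \in [0, 2^m - 1]$ our strategy
$\sigma$ will assign to $(s_M, M)$'s successor $((s_M, b_M, s_{M+1}), M)$ probability 1. Moreover, by Lemma 20 we
can choose the strategy $\sigma$ such that:

$$b_M = 1 \implies \mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_{F \wedge \neg G}, M)) = 1$$

$$b_M = 0 \implies \mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_{\neg F \wedge \neg G}, M)) = 1$$

for each $0 \le M < 2^m$ and $\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(q_G, 2^m)) = 1$. It follows

$$\mathcal{P}(\mathrm{Reach}^{\sigma}_{R \times \{0\}}(s_0, 0)) = 1.$$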

Conversely, assume now that $x \notin L$. Our goal is to prove a global non-zero lower bound on the probability
of runs in $\mathcal{D}(\sigma)$ that begin in $(s_0, 0)$ and that do not reach $R \times \{0\}$, where $\sigma$ is an arbitrary strategy. For
this, let us first fix an arbitrary strategy $\sigma$ in $\mathcal{D}$. We distinguish the following three types (A), (B) and (C)
of finite paths $\pi$ in the Markov chain $\mathcal{D}(\sigma)$:

Case (A): $\pi$ is of the form

$$(s_0, 0) \xrightarrow{\alpha_0} ((s_0, c_0, s_1), 0) \xrightarrow{1/2} (s_1, 1) \xrightarrow{\alpha_1} ((s_1, c_1, s_2), 1) \cdots$$

$$((s_{M-1}, c_{M-1}, s_M), M - 1) \xrightarrow{1/2} (s_M, M) \xrightarrow{\alpha_M} ((s_M, c_M, s_{M+1}), M),$$

where $M < 2^m$, $c_M \ne F(\mathrm{CRR}_m(M))$, and $c_N = F(\mathrm{CRR}_m(N))$ for all $N \in [0, M - 1]$. The $\alpha_N$
are probabilities that result from the strategy $\sigma$. Let $\alpha = \prod_{N \in [0, M]} \alpha_N$. The probability for the set of all
runs from $(s_0, 0)$ that (i) start with $\pi$, then (ii) proceed to $(q_{F \wedge \neg G}, M)$ (if $c_M = 1$) or to $(q_{\neg F \wedge \neg G}, M)$ (if
$c_M = 0$), and (iii) do not visit $R \times \{0\}$ is at least

$$\alpha \cdot 2^{-M+1} \cdot 2^{-|\neg F \wedge \neg G|} \ge \alpha \cdot 2^{-(2^m + |\neg F \wedge \neg G|)}.$$

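Case (B): $\pi$ is of the form

$$(s_0, 0) \xrightarrow{\beta_0} ((s_0, c_0, s_1), 0) \xrightarrow{1/2} (s_1, 1) \xrightarrow{\beta_1} ((s_1, c_1, s_2), 1) \xrightarrow{1/2} (s_2, 2) \cdots$$

$$(s_{M-1}, M - 1) \xrightarrow{\beta_{M-1}} ((s_{M-1}, c_{M-1}, s_M), M - 1) \xrightarrow{1/2} (s_M, M) \xrightarrow{1} (q_G, M),$$

where $M < 2^m$, $s_M \in S_f$, and $c_N = F(\mathrm{CRR}_m(N))$ for all $N \in [0, M - 1]$. Let $\beta = \prod_{N \in [0, M-1]} \beta_N$.
The probability for the set of all runs from $(s_0, 0)$ that (i) start with $\pi$ and (ii) do not visit $R \times \{0\}$ is at least

$$\beta \cdot 2^{-M} \cdot 2^{-|G|} \ge \beta \cdot 2^{-(2^m + |\neg F \wedge \neg G|)}.$$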

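Case (C): $\pi$ is of the form

$$(s_0, 0) \xrightarrow{\gamma_0} ((s_0, c_0, s_1), 0) \xrightarrow{1/2} (s_1, 1) \xrightarrow{\gamma_1} ((s_1, c_1, s_2), 1) \cdots$$

$$(s_{2^m - 1}, 2^m - 1) \xrightarrow{\gamma_{2^m - 1}} ((s_{2^m - 1}, c_{2^m - 1}, s_{2^m}), 2^m - 1) \xrightarrow{1/2} (s_{2^m}, 2^m),$$

where $s_{2^m} \notin S_f$ and $c_N = F(\mathrm{CRR}_m(N))$ for all $N \in [0, 2^m - 1]$. Let $\gamma = \prod_{N \in [0, 2^m - 1]} \gamma_N$. The
probability of the set of runs in $\mathcal{D}(\sigma)$ that (i) begin with $\pi$, then (ii) proceed (via an intermediate control
location of the form $(s_{2^m}, b, t)$) to either $(q_{F \wedge \neg G}, 2^m)$ or $(q_{\neg F \wedge \neg G}, 2^m)$ and (iii) that do not reach $R \times \{0\}$
is at least

$$\gamma \cdot 2^{-(2^m + 1)} \cdot 2^{-|\neg F \wedge \neg G|} \ge \gamma \cdot 2^{-(2^m + 1 + |\neg F \wedge \neg G|)}.$$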

Now, the crucial point is that the sum of all values $\alpha$ from (A), all values $\beta$ from (B), and all values $\gamma$
from (C) is 1. To see this, note that the nondeterministic choices in $\mathcal{D}$ correspond exactly to the selection
of transitions in the NFA $A$. But, since $x \notin L$, every sequence of consecutive transitions in $A$ either (i)
reads in the $(M + 1)$-th step (for some $0 \le M \le 2^m - 1$) a symbol different from $F(\mathrm{CRR}_m(M))$ (Case
(A)) or (ii) reaches a final state after less than $2^m$ steps (Case (B)), or (iii) makes at least $2^m$ steps and is
not in a final state after exactly $2^m$ steps (Case (C)). Since moreover the sets of paths in (A), (B), and (C)
are pairwise disjoint, it follows that the probability of the set of runs that do not reach $R \times \{0\}$ is at least
$2^{-(2^m + 1 + |\neg F \wedge \neg G|)}$. This concludes the proof of the theorem. □
Appendix

Let $M$ be a nondeterministic Turing machine with a linear ordering on the set of all transition tuples.
Assume furthermore that $M$ does not contain infinite computation paths. Then, for every input $x$, the
computation tree $T(x)$ of the machine $M$ on input $x$ is a finite ordered tree. Let $v_1, v_2, \ldots, v_n$ be a list
of all leafs of $T(x)$ in left-to-right enumeration. Then the leaf string $\mathrm{leaf}(M, x)$ is the string $a_1 a_2 \cdots a_n$,
where $a_i = 1$ (resp. $a_i = 0$) if $v_i$ is an accepting (resp. rejecting) configuration.
Theorem 22. Let $A$ be a language in PSPACE. Then $A$ is $\mathsf{AC}^0$-serializable, i.e., there exists a regular
language $L \subseteq \{0, 1\}^*$, a polynomial $p(n)$, and a logspace-uniform $\mathsf{AC}^0$-circuit family $(B_n)_{n \ge 0}$, where $B_n$
has exactly $n + p(n)$ many inputs and one output, such that for every $x \in \{0, 1\}^n$ we have:

$$x \in A \iff B_n(x, 0^{p(n)}) \cdots B_n(x, 1^{p(n)}) \in L,$$

where "$\cdots$" refers to the lexicographic order on $\{0, 1\}^{p(n)}$.

Proof. Let $A \subseteq \{0, 1\}^*$ be a language in PSPACE. By the work of [14] there exists a nondeterministic
polynomial time Turing machine

$$M = (Q, \Gamma, \Delta, q_0, q_f, \Box)$$

and a regular language $K \subseteq \{0, 1\}^*$ such that

$$x \in A \iff \mathrm{leaf}(M, x) \in K. \qquad (8)$$

Here, $Q$ is the set of states, $\Gamma$ is the tape alphabet, $\Delta \subseteq Q \times \Gamma \times Q \times \Gamma \cup \{L, R\}$ is the set of transition
tuples, $q_0$ is the initial state, $q_f$ is the final (accepting) state, and $\Box$ is the blank symbol. W.l.o.g. we can
assume that every computation path of $M$ on an input of length $n$ has length $q(n)$ for a polynomial $q$. This
can be enforced by introducing a counter. Note that the counter can be incremented deterministically, hence
the produced leaf string does not change. Assume that $\Delta = \{\delta_1, \ldots, \delta_m\}$, where $\delta_1 < \delta_2 < \cdots < \delta_m$ is
the fixed order on the transition tuples of $M$.

Let $\Omega = Q \cup \Gamma \cup \Delta$, where all three sets are assumed to be pairwise disjoint. We will encode a
computation of $M$ of length $q(n)$, starting on input $x \in \{0, 1\}^n$, by a word from the language

$$C(x) = \{ c_0 t_1 c_1 t_2 \cdots c_{q(n)-1} t_{q(n)} c_{q(n)} \mid t_1, \ldots, t_{q(n)} \in \Delta,$$

$$c_0 = q_0 x \Box^{q(n)-n}, \; c_1, \ldots, c_{q(n)} \in \Gamma^* Q \Gamma^+,$$

$$|c_1| = \cdots = |c_{q(n)}| = q(n) + 1, \; \forall\, 0 \le i < q(n) : c_i \vdash_{t_{i+1}} c_{i+1} \}.$$

Here, $c_i \vdash_{t_{i+1}} c_{i+1}$ means that configuration $c_{i+1}$ results from configuration $c_i$ by applying transition $t_{i+1}$.
Let $D(x)$ be the subset of $C(x)$ consisting of all successful computations $c_0 t_1 c_1 t_2 \cdots c_{q(n)-1} t_{q(n)} c_{q(n)} \in C(x)$,
where in addition $c_{q(n)} \in \Gamma^* q_f \Gamma^+$.

Note that every word in $C(x)$ has length $(q(n) + 1)^2 + q(n)$. We use some block encoding $\gamma : \Omega \to \{0, 1\}^k$
such that $\gamma(\delta_{i+1})$ is lexicographically larger than $\gamma(\delta_i)$ for $i \in [m - 1]$. This ensures that if we list
all bit strings of length $k \cdot ((q(n) + 1)^2 + q(n))$ in lexicographic order then the subset $C(x)$ of all (encodings
of) valid computations appears as a subsequence in the same order as in the computation tree $T(x)$.

Let us next describe a logspace-uniform $\mathsf{AC}^0$-circuit family $(C_n)_{n \ge 0}$, where the $n$-th circuit $C_n$ has
$n + k \cdot ((q(n) + 1)^2 + q(n))$ many inputs and accepts exactly all strings of the form $xw$, where $x \in \{0, 1\}^n$
and $w \in C(x)$. Constructing $C_n$ is tedious but straightforward. The most difficult part is to check $c_i \vdash_{t_{i+1}} c_{i+1}$
for all $0 \le i < q(n)$. For this, we use an AND-gate $g$ with $q(n)$ many children $g_0, \ldots, g_{q(n)-1}$.
Gate $g_i$ is an OR-gate with $q(n)$ many children $g_{i,1}, \ldots, g_{i,q(n)}$. Gate $g_{i,j}$ evaluates to 1 if and only if $c_{i+1}$
results from $c_i$ by applying the transition $t_{i+1}$ at position $j$. To achieve this, $g_{i,j}$ becomes an AND-gate with
$k(q(n) + 1)$ many input gates. Each of these gates compares two corresponding bits in the $\gamma$-encodings of
$c_i$ and $c_{i+1}$. It should be clear that such a circuit $C_n$ can be built in logarithmic space. Analogously we can
construct a logspace-uniform $\mathsf{AC}^0$-circuit family $(D_n)_{n \ge 0}$ which accepts all strings of the form $xw$, where
$x \in \{0, 1\}^n$ and $w \in D(x)$.

Finally, we construct from the two families $(C_n)_{n \ge 0}$ and $(D_n)_{n \ge 0}$ a new logspace-uniform $\mathsf{AC}^0$-circuit
family $(B_n)_{n \ge 0}$, where $B_n$ has $n + k \cdot ((q(n) + 1)^2 + q(n)) + 1$ many inputs. On input $xw0$ (with $x \in \{0, 1\}^n$)
it outputs $C_n(xw)$. On input $xw1$, $B_n$ outputs $D_n(xw)$. Now, let us construct from the regular language
$K \subseteq \{0, 1\}^*$ the new regular language $L = \varphi(K \parallel \{a\}^*)$, where $\parallel$ is the shuffle operator, $a \notin \{0, 1\}$ is a
new symbol, and $\varphi$ is the homomorphism with $\varphi(a) = 00$, $\varphi(0) = 10$, $\varphi(1) = 11$.

The regular language $L$, the polynomial $p(n) = k \cdot ((q(n) + 1)^2 + q(n)) + 1$, and the circuit family
$(B_n)_{n \ge 0}$ fulfill the requirements from the theorem. □